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Airborne  Express  CIO 
David  Billings  Did— 
Here’s  How  You  Can  Too 


Systems,  Inc.,  and  may  be 
i  of  their  respective  owners. 


Lead  conversions 
at  Quick  &  Reilly 
have  gone  up  50%. 

— Donald  E.  Froude,  CEO,  Quick  &  Reilly 


Donald  Froude 
believes  every 
customer  should 
feel  cared  for 
and  valued.  A 
philosophy  that's 
found  profitable 
results  with  Siebel's 
CRM  software. 

With  it,  Quick  &. 
Reilly's  employee 
productivity 
rose  15%.  Lead 
conversions  climbed 
50%.  Customer 
retention  went  up 
10%.  Cross-selling 
grew  5%.  Further 
evidence  that  cus¬ 
tomer  relationships 
are  still  a  company's 
best  friend. 


Good  service 
is  good  business. 


To  learn  more,  call  1-800-307-2181 
or  visit  siebel.com/casestudies. 


Introducing  Fujitsu  Consulting— a  partner  who  shares  your  vision 

In  times  like  these,  you  can’t  afford  to  work  with  a  consultant  who’s  single-minded. 
You  need  a  company  that  understands  the  true  meaning  of  collaboration.  At  Fujitsu 
Consulting,  we  share  your  vision  right  from  the  start,  and  we  never  lose  sight  of  your 
business  goals  throughout  the  process.  This  has  always  been  our  approach,  one  that 
further  benefits  from  the  expertise  and  resources  of  the  entire  Fujitsu  group,  which 
has  long  provided  world-class  IT  products  and  platforms  all  over  the  globe. 

Unique  ROI-focused  methodology 

As  a  forward-thinking  global  consulting  organization,  we  utilize  a  unique,  proven 
methodology  that  delivers  a  rapid  and  measurable  return  on  your  IT  investment. 
It  starts  by  focusing  on  the  results  the  client  expects  to  achieve.  It  then  provides 
a  road  map  through  the  design,  implementation  and  operation  of  the  solution  to 
achieve  the  desired  results. 

Industry  and  business-process  knowledge 

Fujitsu  Consulting  creates  tailored  solutions  for  a  variety  of  industries-in  particular, 
communications,  financial  services,  and  government.  Whether  it’s  core  back  office, 
front  office  or  extended  functions,  we  enable  companies  to  better  serve  their  customers 
and  collaborate  with  their  extended  supply  chain  of  employees,  vendors  and  partners. 

Fujitsu  Consulting— the  new  alternative 

In  creating  powerful  IT  solutions,  we  live  and  breathe  three  simple  ideas:  deep 
collaboration  with  our  clients,  an  eye-to-eye  approach,  and  a  passion  for  getting  the 
job  done.  It  is  the  unique  combination  of  global  scope  and  human  scale  that  sets  us 
distinctly  apart  from  our  competitors.  And,  perhaps,  earns  us  a  spot  on  your  short  list 
of  consulting  partners. 


FUJITSU 

THE  POSSIBILITIES  ARE  INFINITE 

us.fujitsu.com 


©2002  Fujitsu.  All  rights  reserved. 
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Cover  Story 

CRM  I  56 

Get  the  CRM 
You  Need  at  the 
Price  You  Want 

As  the  economy  cuts  into  CRM  spending,  companies 
are  looking  for  ways  to  move  ahead  without  breaking 
the  bank.  By  Susannah  Patton 


COVER  PHOTO  BY  KEITH  BROFSKY 


Airborne  Express 
CIO  David  Billings 
rolled  out  a  targeted 
SFA  package  for 
$3  million— about  half 
of  what  he  would  have 
paid  for  a  full  CRM  suite 


Features 


LEADERSHIP 

What  to  Do  When  Morale  Is  Low  I  92 

You  say  you’ve  tried  Hawaiian  shirt  days  and  pizza  party  Fridays, 
and  your  rT  department’s  morale  is  still  in  the  pits.  Forget  gim¬ 
micks  and  lead.  By  Simone  Kaplan 

MERGER  INTEGRATION 
Call  Together  Now  I  100 

There  was  one  sign  over  Cingular’s  door,  but  the  company  had  a 
melange  of  call  centers  cobbled  together  through  years  of  mergers. 
Here’s  how  Cingular  went  from  60  specialized  call  centers  to  20 
new  multifunction  centers.  By  Derek  Slater 


I.T.  TRENDS 

Five  Uneasy  Pieces  I  109 

CIO  casts  a  skeptical  eye  on  some  of  the  most  talked  about  tech 
trends:  biometrics,  business  process  outsourcing,  collaboration 
tools,  grid  computing  and  open-source  software. 

By  CIO  Staff 

FORECASTING  TECHNOLOGY 

They  Know  What  You’ll  Buy  Next  Summer 

(They  Hope)  I  116 

Retailers  are  looking  to  robust  forecasting  technologies  to  find 
upticks  in  the  downturn.  By  Meridith  Levinson 


With  the  task  of  consolidating 
60  call  centers  and  11  billing  sys¬ 
tems  at  hand,  Cingular  COO 
Mark  Feidler  is  calling  on  IT.  In 
the  long  run,  he  says,  "IT  is  one 
of  the  fundamental  opportunities 
to  differentiate  yourself.”  100 


CASE  FILES  I  THE  NAVAL  SEA  SYSTEMS 
COMMAND 

Building  a  Better  Battleship  I  126 

The  Naval  Sea  Systems  Command  finds  the  best  approach 
to  knowledge  management  is  one  step  at  a  time. 

By  Stephanie  Overby 

MORE  ►  ►► 
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BrightStor™  Storage  Management  Solutions 

For  years,  storage  management  has  been  an  ever-increasing  cost,  not  a  source  of  potential 
opportunity.  But  that's  all  about  to  change.  Because  we've  created  BrightStor,  the  most 
comprehensive  suite  of  end-to-end  storage  management  solutions  on  the  market.  BrightStor 
lets  you  leverage  your  resources  and  data  across  your  entire  enterprise,  regardless  of 
platform  or  protocol.  In  fact,  BrightStor  is  the  only  suite  of  solutions  that  supports  all 
three  industry  models  — DAS,  NAS  and  SAN  — cross-platform.  Which  means  you  can  look 
at  your  eBusiness  needs  as  a  whole,  not  piece  by  piece.  So  you  can  optimize  your  resources 
across  your  entire  storage  infrastructure.  And,  most  importantly,  you  can  do  more  than  just 
store  information.  You  can  actually  use  it. 


Computer  Associates™ 


HELLO  TOMORROW  WE  ARE  COMPUTER  ASSOCIATES  THE  SOFTWARE  THAT  MANAGES  eBUSINESS”' 


ca.com/storage 


©2001  Computer  Associates  International,  Inc.  (CA).  All  trademarks,  trade  names,  service  marks,  and  logos  referenced  herein  belong  to  their  respective  companies. 
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Microsoft  and  NetlQ  make  it  easier  to  manage  your  entire 
Windows  Server  environment.  You’ve  got  servers  running 
Windows®  2000  here,  servers  running  Windows  NT®  in  the  next 
building,  and  a  mix  of  platforms  running  in  your  plants  overseas. 
Managing  a  global-class  enterprise  sure  means  a  lot  of  running. 

Which  is  why  Microsoft  and  NetlQ  teamed  up  to  deliver  a 
way  to  manage  your  entire  Windows  Server  environment  from 


one  very  convenient  place:  your  desk.  It  starts  with  Microsoft® 
Operations  Manager  2000,  the  most  effective  way  to  manage 
all  your  Windows  2000-based  servers  and  applications,  from 
proactive  alerting  to  performance  monitoring  to  event  collection 
and  reporting. 

By  adding  NetlQ  Extended  Management  Pack  modules,  you 
can  also  monitor  Windows  NT  4.0  as  well  as  other  Microsoft 


©  2002  Microsoft  Corporation  and  NetlQ  Corporation.  All  rights  reserved.  Microsoft,  Windows,  and  Windows  NT  are  either  registered  trademarks  or  trademarks  of  Microsoft  Corporation  in  the  United  States  and/or  other  countries. 


servers;  mission-critical  applications  like  Oracle  RDBMS  and 
Lotus  Domino;  and  large-scale  enterprise  platforms  like  UNIX 
and  NetWare.  All  from  one  centralized  console. 

Which  means  that  you  spend  a  lot  less  time  running  around 
your  enterprise,  and  more  time  simply  and  effectively  managing 
it.  Start  reducing  your  management  burden  with  a  visit  to 
netiq.com/manageability  Software  for  the  Agile  Business. 


Microsoft 


QnetKD. 


The  names  of  actual  companies  and  products  mentioned  herein  may  be  the  trademarks  of  their  respective  owners. 
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The  Hardest  Job  in  IT 

A  person  could  get  shot  for  saying  this,  but 
the  chief  information  officer  position  is  not 
the  hardest  job  in  information  technology. 
Technology  sales  is  harder. 


In  Jerry  Gregoire’s  new  column,  the 
former  CIO  of  Pepsi-Cola  and  Dell  takes  a 
second  look  at  the  high-tech  salesman. 
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“It’s  our  view  at  Vanguard  that  the  business 
management  team  should  be  taking  the  lead  on 
business  technology  projects,  looking  to  IT  for 
facilitation  but  not  leadership.” 

-Jack  Brennan,  chairman  and  CEO  of  the  Vanguard  Group,  on  IT  value  Page  45 
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It’s  about  time. 


New  Enterprise  CRM  from  salesforce.com.  Time  for  success. 

The  days  of  waiting  to  finish  an  expensive  and  risky  enterprise  CRM  deployment  are  over.  Why  pay  for 
expensive  software  and  hardware,  lengthy  implementations  and  costly  consulting?  New  Enterprise  CRM 
from  salesforce.com  immediately  answers  all  your  needs  while  delivering  where  it  counts  -  your  bottom  line. 
Over  3,800  companies  have  already  learned  this  lesson  including  Adobe,  Fujitsu,  Siemens  and  USA  Today. 
Where  do  you  want  to  spend  your  time?  On  your  business  or  on  software? 

salesforce.com 

#1CRM.  Online.  Offline. 

Call  I.800.N0 SOFTWARE  or  visit  www.salesforce.com 

and  enter  promo  code  DV0513  for  a  FREE  TEST  DRIVE  ! 


©  2002  salesforce.com 


Seven  new  models 
from  17  "to  22  " 

Each  delivers  brilliant 
performance  and  value 
in  your  choice  of  black 
or  white  cabinet  styles. 


SuperBright™  makes 
images  come  alive. 

Instantly  doubles 
brightness  for  intense 
video,  graphics  and 
multimedia  applications. 


NaViSet™  offers  a 
new  level  of  control. 

Advanced  software 
enhances  user  control 
and  enables  remote 
adjustment  over  LANs. 


Compact,  light, 
even  more  adaptable. 

All-new  ergonomic 
design  trims  weight  and 
reduces  footprint  for  a 
better  fit  everywhere. 


\ 

Up  to  21%  less 
power  use. 

Most  models  offer 
substantial  energy 
savings  for  a  lower 
total  cost  of  ownership. 

J 


Introducing  CRT  monitors  as 

brilliant  as  your  ideas. 


With  SuperBright™  Diamondtron®,  an  all-new  design  and  even  more  lifetime  value,  our  MultiSync® 

FE™  Series  just  might  change  what  you  know  about  CRTs.  These  all-new  monitors  are  full  of  dazzling 
innovations.  For  example,  the  SuperBright  technology  in  the  MultiSync  FE77iSB,  FE7giSB,  FEg9iSB  and  FE2inSB 
models  doubles  your  brightness  for  intense  video,  multimedia  and  graphics  applications.  New  industry- 
standard  sRGB  color  matching  gives  truer  tones  in  web  applications.  And  NaViSet™  control  software  puts 
a  virtual  control  panel  on  your  desktop  for  precise  adjustment  via  mouse  and  keyboard. 

The  FE  Series  also  offers  extreme  reliability,  easy  deployment  and  low  total  cost  of  ownership.  Power 
use  has  been  reduced  by  as  much  as  21%,  lowering  electricity  costs.  Plus  we’ve  trimmed  pounds  and 
inches  for  a  lighter,  more  ergonomic  form  factor.  Besides  freeing  up  desk  space, 
the  FE  Series  also  frees  up  your  support  staff,  with  patented 
self-diagnostics  and  intelligent  network  control  capability.  Add 
NEC’s  extensive  service  and  support,  and  the  new  choice  in  CRT 
monitors  is  clear. 

Learn  more  at  www.necmitsubishi.com/FE 
or  call  888-N  EC-MITS. 

The  new  MultiSync  FE  Series. 

A  bright  investment  in  intelligent  design. 


SEE  mOQET 

MultiSync  is  a  registered  trademark,  and  FE,  NaViSet  and  SuperBright  are  trademarks 
of  NEC-Mitsubishi  Electronics  Display  of  America,  Inc.  Diamondtron  is  a  registered 
trademark  of  Mitsubishi  Electric. 

©2002  NEC-Mitsubishi  Electronics  Display  of  America,  Inc. 

All  rights  reserved.  Simulated  images  in  monitors. 
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WEIGH  IN 

How  is  your  CRM  project 
going? 

In  Get  the  CRM  You  Need  at  the  Price  You 
Want  (Page  56),  CIOs  reveal  their  strategies 
for  taming  the  CRM  beast.  What  methods 
have  you  come  up  with  for  implementing 
CRM  within  your  time  frame  and  your 
budget?  Share  your  stories. 


Our  Daily  Web 

Monday  Tech  Tact 

Technology  Editor  Christopher 
Lindquist  on  what’s  coming  and 
what  it’s  good  for. 

www.cio.com/techtact 

Tuesday  CIO  Radio 

Listen  in  as  experts  and  gurus 
discuss  critical  IT  issues. 

www.cio.com/radio 

Wednesday  Metrics 

Web  Writer  Jon  Surmacz  finds 
the  industry 
numbers  that 
matter,  www.cio 
.com/metrics 


ASK  THE  SOURCE 

How  have  you  defined  your 
IT  culture? 

In  What  to  Do  When  Morale  Is  Low 

(Page  92),  David  Van  DeVoort  of  William 
M.  Mercer  says  it’s  up  to  the  CIO— not 
the  HR  department— to  maintain  morale 
in  the  IT  department.  Ask  Van  De  Voort 
about  the  importance  of  honesty  and 
open  communication— or  post  your  own 
spirit-building  lessons. 

i 

CIO  Reader  Poll  Report 

Can  remote  conferencing 
technologies  replace 


meeting? 


LEARN  MORE 

Interview  with 
Cingular  COO 

Mark  Feidler,  chief  operating  officer 
of  Cingular  (see  Call  Together  Now, 

Page  100),  spoke  with  Executive  Editor 
Derek  Slater  about  call  centers,  hiring  a 
CIO  and  more. 


Find  links  to  these  stories  and  other  resources 
in  the  Web  Connections  box  at  www.cio.com. 


THURSDAY 

Sound  Off 

For  opinions  on 
managerial, 
political  and  ethical  dilemmas 
that  confront  CIOs  daily,  read  the 
column  that  takes  a  stand. 
comment.cio.com 

Friday  The  35  Cent  Consultant 

Executive  Editor  Derek  Slater 
gives  readers  advice  that’s  worth 
every  penny. 

www.cio.com/35cent 


To  answer 
this  issue’s 
Reader  Poll, 

Does  your  CEO 
understand  IT  value? 
go  to  www.cio.com/readerpoll. 


No 

36% 

64% 

Bp> 

Peer  Resources  The  Darwinmag.com  Connection 

CIO’s  online  sister  publication,  Darwinmag.com,  explains  technology  for  the 
nontechnology  executive.  E-mail  your  colleagues  the  following  stories  that 
relate  to  this  issue’s  features.  Find  the  links  at  www.cio.com/printlinks. 


Get  the  CRM  You  Need  at  the 
Price  You  Want  (Page  56).  Many 
technology  projects  fail  for  lack  of 
communication  between  business 
and  IT  managers.  Read  how  the 
CEO  of  one  company  was  deter¬ 
mined  not  to  let  that  happen  in 
Darwinmag. corn's  This  Changes 
Everything. 


Call  Together  Now  (Page  100). 
Most  business  executives  mistak¬ 
enly  think  of  integration  as  the 
exclusive  province  of  gearheads. 
But  true  integration  also  involves 
the  business  side.  Find  out  how  in 
Putting  Two  and  Two  Together  from 
Darwinmag.com. 
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Only  a  Xerox  Document  Centre*  shifts  your  office 
into  overdrive.  It  prints,  copies,  faxes,  scans  and  e-mails 
like  no  other.  Saving  you  time  and  money. 
There’s  a  new  way  to  look  at  it. 


Performance  proves  it.  Top  companies  know  it. 

That’s  why  86%  of  Fortune  500®  companies  rely 
on  Document  Centre  Multifunction  systems  to  save 
them  time  and  money*  Our  unique  design  provides 


maximum  network  performance.  The  result  is  cost¬ 
crunching  productivity  that  puts  your  business  way 
ahead  of  the  pack.  To  find  out  how  we  can  save 
your  business  time  and  money,  get  in  touch  today. 


Visit:  www.xerox.com/vroom  Call:  1-800-ASK-XEROX  ext.VROOM 


the  Document  Company 

XEROX 


"Certain  Document  Centre  features  are  optional.  ©2002  XEROX  CORPORATION.  All  rights  reserved.  XEROX? The  Document  Company?  Document  Centre®  and  There's  a  new  way  to  look  at  it  are  trademarks  of  XEROX  CORPORATION 


THE  STRAIGHT  GOODS  ON  e-BUSINESS  PLATFORMS. 


THE  WHOLE  e-BUSINESS 
THING  IS  A  FAD. 

Nothing  could  be  further  from 
the  truth.  In  times  of  economic 
downturn,  it  may 
seem  prudent  to 
put  the  whole 
e-Business  issue 
on  the  backburner. 

But  it's  not.  Tough 
times  call  for  speed, 
nimbleness  and  agility 
more  than  ever.  The 
time  to  get  smart  and 
implement  e-Business 
solutions  for  your 
customers  is  today. 

THE  INTERNET  CHANGES 
EVERYTHING. 


cooperate  and  commingle  inside 
your  company.  It’s  laughable  to 
pretend  that  any  one  external 
organization  can  "standardize"  all 
the  various  protocols,  systems, 
components,  new  technologies, 
languages,  databases  and  vendor 
relationships  that  your  business 
depends  on  to  succeed. 

Our  open  e-Business  platform 
embraces  diversity.  Making  all  of 
this  stuff  work  together  is  what 
our  stuff  is  all  about. 

A  WEBSITE  IS  A  PORTAL. 

A  PORTAL  IS  AN  e-BUSINESS. 

Well,  not  quite.  A  website  is  not  a 
portal.  And  even  if  it  was,  a  portal 
is  not  an  e-Business. 


The  Internet  does  not  change 
everything.  It  doesn't  change 
the  business  rules  that  run  your 
company.  Or  the  infrastructure 
you've  spent  years  building.  Or 
the  nature  of  your  business.  Or 
your  need  to  generate  revenues 
and  profit. 

The  Internet  is  obviously  a  critical 
part  of  any  e-Business.  But  the 
internet  is  only  a  common  set 
of  protocols  for 
the  transport 
of  information. 

It’s  how  well  you 
manage  that 
information 
that  determines 
the  success  of 
your  business. 


IT’S  A 
ONE-BRAND  WORLD. 

This  myth  surrounds  just  about 
every  significant  e-Business 
platform  discussion.  Virtually 
every  purveyor  of  e-Business 
platforms  touts  their  version  of 
this  "one-brand"  world.  Their 
brand,  of  course.  Big  surprise. 

At  Sybase,  we  know  it’s  just  not 
true.  Countless  brands  compete, 


Portals  and  websites  along  with 
application  servers,  databases, 
customer  relationship  programs, 
automated  supply  chains,  an 
efficiently  connected  field  force 
and  the  rest  of  your  back  office 
are  all  vital  components  of  an 
e-Business.  It's  making  them 
work  together  that's  the  trick. 

Unless  your  data  has  the  ability  to 
travel  from  a  customer's  pager  to 
your  trusty  OS/390 
mainframe  and 
then  back  to  your 
customer  via  cell 
phone,  you  may 
very  well  have  a 
website,  but  you 
really  don't  have 
an  e-Business. 


Our  proven  e-Business  platform 
totally  delivers  this  end-to-end 
functionality.  It  integrates  every 
single  aspect  of  your  business. 
What's  more,  it  has  the  scalability 
to  constantly  integrate  your  new 
components  into  the  mix.  Like 
say,  10,000  brand  new  customers, 
for  example.  Or  a  new  CRM  app. 

Just  something  to  think  about 
when  people  offer  you  buzzwords 
instead  of  technologies. 


IF  AT  FIRST  YOU  DON'T 
SUCCEED,  THROW  SOME 
MORE  MONEY  AT  IT. 

Hah.  Very  funny.  But  still  a  popular 
belief  for  a  long  time.  Listen:  It’s  all 
pure  poppycock.  The  real  e-Business 
solutions  deliver  real-life  business 
results.  By  that  we  mean  increased 
revenues,  reduced  costs  and  profit  to 
your  bottom  line. 

At  Sybase,  we  provide  e-Business 
solutions  among  the  FORTUNE  500® 
to  the  largest  firms  on  Wall  Street, 
to  the  biggest  names  in  healthcare, 
to  the  world's  largest  computer  and 
networking  companies,  and  to  the 
biggest  players  in  Europe  and  Asia. 

We  lead  the  way  in  enterprise  portal 
technology.  We  strongly  dominate  in 
enterprise  wireless  solutions.  And  we 
have  some  of  the  best  middleware 
integration  solutions  found  on  our 
planet. 

So  don't  throw  your  money  around. 
Look  for  an  ROI  that  has  a  sense  of 
immediacy.  Invest  carefully  based 
upon  proven  past  performance  and 
reasonable  expectations  of  return. 

IT’S  ALL  OR  NOTHING. 

The  Big  Bang  Theory:  You  need  to 
do  all  of  this  at  once.  Not  at  all  true. 

We  can  help  you  solve  the  problems 
you  have  today  while  simultaneously 
building  a  platform  that  can  solve 
tomorrow's  problems,  tomorrow. 

Implement  in  the  way  that's  right 
for  your  firm.  From  the  bottom 
up.  Or  the  top  down.  Component 
by  component.  It's  your  choice. 

Call  1-800-8-SYBASE  or  visit 
www.sybase.com/myths  and  we'll 
show  you  how.  Fact,  not  myth. 

I  Sybase 

Information  Anywhere' 


®2001  Sybase,  Ine.  All  rights  reserved.  All  trademarks  are  the  property  of  their  respective  owners. 


WORKS  BETTER  WHEN  EVERYTHING  WORKS  TOGET  H  E  R.'  } 


From  the  Editor 


“I  wish  the  ring  had  never 
come  to  me.  J  wish  none  of 
this  had  happened.” 

“So  do  all  who  live  to  see  such 
times,  but  that  is  not  for 
them  to  decide.  All  we  have 
to  decide  is  what  to  do  with 
the  time  that  is  given  to  us.” 

-From  the  film 
The  Lord  of  the  Rings: 

The  Fellowship  of  the  Ring 


Where’s  Morale? 


THE  PAST  YEAR’S  ECONOMY  has  made  for 
anxious,  uncertain  and — for  those  who  experi¬ 
enced  layoffs — despairing  times.  One  victim  has 
been  morale,  both  for  IT  employees  and  the  CIOs 
who  manage  them.  Though  the  cause  of  the  despair 
may  be  as  uncontrollable  as  macroeconomic  cycles 
or  shortsighted  corporate  axmen,  low  morale  must 
be  managed  in  every  company.  In  “What  to  Do 
When  Morale  Is  Low,”  CIOs  offer  strategies  to 
help  in  this  daunting  task  (see  Page  92). 

What  lies  at  the  heart  of  low  morale?  It  is  a  feel¬ 
ing  on  the  part  of  the  employee  that  the  company 
no  longer  values  him.  That  the  company  couldn’t 
care  less  about  his  happiness  or  well-being  or 
future.  It’s  true  that  companies  send  signals  that  a 
person’s  work  is  not  valued — the  clearest  signal  for 
many  IT  employees  this  past  year  was  an  increased 
number  of  layoffs.  Notice,  though,  that  I  said  the 
work  is  not  valued,  not  the  person  himself.  Unfor¬ 
tunately,  people  equate  the  value  of  their  work  with 
self-worth. 

Whether  we  are  struggling  to  bolster  staff  morale 
or  keep  our  own  spirits  up,  it’s  a  pitched  battle 
because  we  have  knotted  our  value  as  human 
beings  to  what  we  do  for  a  living.  Yes,  it’s  illogical 
to  think  that  your  boss’s  boss’s  boss,  who  barely 
knows  you  if  at  all,  can  render  you  worthless  with 
a  mere  signature  on  a  pink  slip.  People  work  to 
make  money  because  money  is  the  key  to  living 


comfortably.  But  few  professionals  seem  able  to 
maintain  that  liberating  perspective.  I  have  seen  it 
occasionally  in  new  mothers  who  return  to  work 
after  maternity  leave.  They  realize  the  job  is  not 
such  a  big  deal.  They  have  a  child;  their  value  is 
independent  of  their  employer’s  approval  rating. 

Ironically,  you  and  I  may  not  find  our  true  mea¬ 
sure  of  self-worth  until  we  experience  abject  fail¬ 
ure.  I  mean,  to  hit  bottom.  To  have  your  job  taken 
away,  your  dream  car  repossessed.  To  see  a  decade 
of  retirement  savings  lose  half  its  value  in  a  single 
year.  In  this  blackest  of  moments,  there  will  be  a 
light  as  clear  as  the  glint  on  the  edge  of  a  knife, 
revealing  that  those  things  do  not  define  you.  You 
reevaluate  who  you  are — you  aren’t  a  CIO  or  a 
project  manager  or  a  magazine  editor — you  are  the 
person,  loved  by  others,  who  once  saved  someone’s 
life  and  tried  to  save  another.  You  are  the  fifth- 
grader  who  comforted  the  kid  everyone  made  fun  of 
when  his  dog  died.  You  are  the  high  school  sopho¬ 
more  who  looked  after  an  acquaintance  who  passed 
out  from  too  much  beer  at  the  senior  class  picnic, 
who  then  became  your  lifelong  friend. 

You  resolve,  defiantly,  to  go  on,  to  rebuild.  Let 
them  take  what  you  have,  including  your  job.  Your 
value  comes  from  within,  fully  knowable  only  to 
yourself.  That’s  where  you’ll  find  your  morale  and 
the  strength  you  need  to  do  what  you  can  with  the 
time  that  is  given  to  you. 


Deputy  Editor,  pastore@cio.com 
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ENTERPRISE  INCENTIVE  MANAGEMENT  (EIM) 


PROVIDER 


Synygy  has  a  ten-year  history  of  successfully  implementing  Enterprise  Incentive  Management  (EIM) 
software  on  time,  within  budget,  and  with  consistently  high  client  satisfaction. 

Synygy  has  helped  Sun  Microsystems,  GE  Lighting,  DuPont,  Bausch  &  Lomb,  Fleet  Mortgage  Group,  Johnson  &  Johnson,  Coors  Brewing,  Siemens,  and  dozens  of 
other  Global  2000  companies  turn  their  variable  pay  plans  from  an  operational  hassle  into  a  strategic  advantage. 

Synygy  delivers  “software  as  a  service”-providing  a  full  spectrum  of  EIM  solutions  from  enterprise  software  to  ASP  to  complete  plan  management 
outsourcing— all  with  no  up-front  cost  to  purchase  software. 

Visit  www.synygy.com  today  to  request  free  white  papers  and  case  studies.  Or  call  us  at  610-664-7433  x7970  to  learn  about  The  Synygy  Guarantee  and  why 
our  success  has  made  us  the  largest  provider  of  EIM  software  and  services.  We  guarantee  that  you  too  will  be  satisfied  with  your  Synygy  EIM  solution  — or 
we’ll  give  you  your  money  back! 

www.synygy.com  s  Y  I^Y  G  Y. 

The  Incentive  Compensation  Company 


Copyright  ©  2001  Synygy  Inc.  and  Masterfile.  All  Rights  Reserved. 
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“A  passion  for  breakthrough 

innovation — in  our  value  chain 
as  well  as  our  products” 

-Michael  Volkema 
Chairman  and  CEO,  Herman  Miller 


What  the  world  knows  today  as  collaborative  product  development,  Herman  Miller 
has  had  at  the  heart  of  its  business  strategy  for  60  years.  But  as  you  would  expect  from  an 


innovator  of  this  caliber,  Herman  Miller  wants  to  define  what's  next.  That's  why  this  $2  billion  office 


furniture  leader  uses  PTC  solutions  that  enable  its  dealers  to  directly  collaborate  in  online  product  cus¬ 
tomization.  Now  Herman  Miller  won't  just  be  reducing  delivery  times  by  50  to  90  percent  —  it’ll  be  teaching  com¬ 
petitors  a  new  lesson  about  breakthrough  innovation.  For  more,  visit  www.ptc.com/hermanmiller. 
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Reader  Feedback 


THE  CERTIFICATION  SOLUTION 

Regarding  certifying  CIOs  [“Certify  the  CIO,”  Re:,  Jan.  15,  2002],  it  seems  like  a  good 
idea  in  principle,  like  New  Coke  was  thought  to  be  a  good  idea  for  Coca-Cola.  While  we 
are  at  it,  why  don’t  we  certify  CEOs  and  politicians? 

Ira  M.  Bellach  •  VP  and  CIO  •  United  Way  of  NYC  •  New  York  City  •  ibellach@uwnyc.org 


I  could  not  disagree  more  strongly  with 
Joe  Gagliardi’s  piece  on  certifying  CIOs. 
While  certifications  are  a  decent  yard¬ 
stick  with  which  to  measure  technical 
skills — especially  on  proprietary  soft¬ 
ware  where  the  people  building  and 
grading  the  exams  are  really  experts  in 
the  field — a  CIO’s  job  is  such  a  delicate 
balance  of  so  many  factors  that  objec¬ 
tive  tests  are  all  but  impossible.  For 
example,  faced  with  the  same  exact 
problem  (which  no  two  companies  ever 
are),  there  is  no  one  solution  or  even 
one  best  solution.  The  proper  solution 
depends  on  many  things,  including  the 
individual  strengths  and  weaknesses 
of  the  CIO  as  well  as  the  collective  qual¬ 
ities  of  his  team,  company  dynamics 
and  so  on.  The  problem  of  having  to 
strategize  in  an  ever-changing  world  is 
another  issue  without  textbook  right 
and  wrong  answers. 

Eric  Kassan 

Software  Development  Manager 
Chase  Credit  Systems 
Woodland  Hills,  Calif. 
ekassan@useyourmind.  com 

WIRELESS  IN  THE  WORKS 

I’m  delighted  that  your  stories  show 
how  several  of  our  customers,  includ¬ 
ing  Everest  Broadband,  University  of 
Texas  at  El  Paso  and  Banner  Health¬ 
care,  are  using  Western  Multiplex’s 
fixed  wireless  networking  equipment 
to  improve  how  they  operate  [“The 
Last  Mile — Wireless  Style,”  Emerging 


Technology,  Feb.  15,  2002]. 

I  can  personally  attest  to  its  effec¬ 
tiveness.  After  joining  Western  Mul¬ 
tiplex  a  year  ago,  I  quickly  realized 
that  we  could  take  advantage  of  the 
equipment’s  high  capacity,  flexibility, 
security  and  reliability  for  managing 
operations,  so  I  installed  a  wireless 
bridge  (Tsunami  45Mbps  full  duplex, 
including  an  additional  Tl)  between 
our  manufacturing  plant  and  head¬ 
quarters  in  Sunnyvale,  Calif.,  which 
also  host  our  bandwidth  intensive 
engineering  organization. 

We’ve  boosted  productivity  because 
of  the  very  high-capacity  connection 
and  lowered  costs  by  eliminating  two 
Tl  leased  lines  (for  voice  and  data). 

Two  clarifications,  however:  Until 
recently,  the  choices  in  point-to-multi- 
point  systems  have  been  limited  to  high 
speeds  and  short  distances  or  slower 
speeds  and  longer  distances.  However, 
Western  Multiplex  offers  a  middle 


ground — the  first  point-to-multipoint 
system  that  operates  in  the  unlicensed 
5.8GHz  band,  enabling  it  to  deliver 
both  total  capacity  of  up  to  360Mbps 
per  cell  site  and  distances  up  to  eight 
miles.  Second,  unlike  free  space  optics 
equipment,  our  microwave-based  sys¬ 
tems  are  not  affected  by  weather  and 
provide  carrier-class  reliability. 

Rita  Khayat-Toubia 
CIO  and  VP  of  IS 
Western  Multiplex 
Sunnyvale,  Calif. 
rtoubia@wmux.com 

LEGACY  MIGRATION 

Kudos  for  your  well-written  article 
[“Pull  the  Plug  on  Your  Legacy  Apps,” 
March  15, 2002].  We  started  our  migra¬ 
tion  from  our  legacy  systems  environ¬ 
ment  back  in  July  of  2000,  by  putting 
together  an  IT  framework  that  encom¬ 
passes  both  existing  and  emerging  tech¬ 
nologies.  This  intimidating  task  was 
not  as  arduous  as  one  might  think. 

The  real  challenge  was  developing  a 
plan  that  would  provide  incremental 
changes  without  impacting  the  com¬ 
petitive  landscape  and  allow  for  the 
retraining  of  employees  in  the  newer 
technologies. 

Dave  Keith 
VP  of  IT  and  CIO 
Security  Benefit  Group 
Topeka,  Kan. 
dave.  keith@securityhenefit.  com 


WHAT  DO  YOU  THINK? 

Send  your  thoughts  and  feedback 
to  letter s@cio.com.  Letters  may  be 
edited  for  length  or  clarity. 
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ORACLE  #1,  IBM  #2,  BEA  #3 


Organizational  Penetration  of  Application  Servers 
Suppliers  in  North  America 


Oracle9/AS 
IBM  WebSphere 

BEA  WebLogic 
Sybase  EA  Server 
iPlanet  Application  Server 

Other 

SilverStream 


%  of  Companies  Who  Deployed  (of  Application  Server  Adopters) 


Independent  analyst  survey  shows 
Oracle's  application  server 
has  more  customers 
than  IBM  or  BEA. 


Source:  Hurwitz  Group,  August,  2001  Orade.COm/hurwitZ 

IT  Decision-Makers  Study,  N=150  or  ca||  1.800.633.1072 


Copyright  ©2001  Oracle  Corporation.  All  rights  reserved.  Oracle  is  a  registered  trademark  of  Oracle  Corporation 
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vs.  Network  CONTINUITY 


If  your  network  goes  down,  your  business  goes 
down.  And  suddenly  you're  going  nowhere  fast.  At 
Genuity,  we've  made  it  our  mission  to  help  ensure 
that  never  happens. 

With  Genuity's  Black  Rocket  Voice, "voice  and 
data  are  combined  on  a  single,  secure  IP  network.  Providing 
failover  support  to  your  existing  PBX  telephone  system.  And 
reducing  the  risk  of  downtime  as  the  result  of  planned  or 
unplanned  disruptions.  It's  a  smart  alternative  to  traditional 
switched  and  dedicated  long  distance  services. 


But  technology  is  only  part  of  the  story.  You  need  the  right 
people,  too.  At  Genuity,  our  experts  will  work  with  you  to  help 
ensure  the  continuity  of  your  business  by  planning  for  the 
unexpected.  We  can  assess  the  security  of  your  entire  Web 
infrastructure  to  identify  vulnerabilities  and  mitigate  day-to-day 
risks.  And  we  can  monitor  and  maintain  your  network  24x7x365 
to  reduce  the  likelihood  of  unplanned  network  failures. 

For  further  information  call  1-800-GENUITY  or  visit  us  at 
www.genuity.com/ continuity. 

And  keep  things  rolling. 
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Introducing  Microsoft  Project  Server  2002,  the  newest  way  to  manage  your  enterprise  projects  at  every 

organizational  level  Today’s  complex  projects  have  grown  to  encompass  multiple  departments,  organizations,  and 
geographies,  which  means  visibility  and  collaboration  are  more  essential  than  ever.  Part  of  the  Microsoft®  .NET 
family  of  servers,  Microsoft  Project  Server  2002  works  with  Microsoft  Project  Professional  2002  to  help  you  manage 
resources  and  model  projects  across  your  portfolio.  Web-based  access  to  project  information  keeps  everyone  in  the 
loop,  at  anytime  and  from  anywhere.  And  the  open  architecture  in  Microsoft  Project  Server  2002  allows  you  to  deploy 
a  customized,  secure,  enterprise-scale  project-management  solution  that  integrates  with  your  current  business 
systems.  So  even  when  there  are  lots  of  hands  on  the  job,  they’re  still  of  one  mind. 

Find  out  how  Microsoft  Project  Server  2002  can  help  you  manage  projects  across 
your  organization.  Go  to  goprojectserver.com  Software  for  the  Agile  Business. 
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Continued  from  Page  26 

tech  workers  since  the  economy  has 
softened.  He  says  it’s  hard  to  tell  if  that’s 
the  result  of  a  weak  economy  because 
his  organization  is  too  new,  but  he 
attributes  the  increased  number  of 
applications  at  least  in  part  to  tech 
workers’  disenchantment  with  dotcom 
dreams  of  stock-option  wealth. 

“We’re  seeing  a  lot  of  people  who 
are  disillusioned  with  the  dotcom  phe¬ 
nomenon,”  he  says.  “It’s  clear  to  them 
that  they’re  not  going  to  be  million¬ 
aires,  and  the  idea  of  putting  their  lives 
on  hold  to  make  millions  no  longer 
appeals  to  them.  They’re  no  longer  say¬ 
ing,  ‘I  can  worry  about  volunteering 
when  I’m  rich.’  They  realize  they  have 
to  jump  at  opportunities  when  they 
present  themselves.” 


MANAGEMENT 

On  the  Road 


FOR  MANY  OF  US,  the  daily  com¬ 
mute  is  a  bore.  There’s  the  drone  of 
the  highway,  the  whiny  rant  of  the 
local  DJ  and  the  all-too-familiar 
scenery  day  in  and  day  out. 

Within  the  next  couple  of  years, 
though,  that  daily  grind  on  the  road 
could  get  a  bit  more  interesting.  The 
Road’s  Scholar,  currently  in  develop¬ 
ment  at  Detroit-based  research  and 
development  company  ejTalk,  is  pro¬ 
moted  as  a  “conversation  agent"— a 
safe  and  entertaining  tool  for  long 
drives.  Using  VoiceXML  and  a  cell 
phone,  the  Road’s  Scholar  lets  solitary 
drivers  interact  with  a  robotic  voice 
that  asks  trivia  questions  and  shares 
tips  such  as  how  to  classify  wine  and 


understand  stocks.  "It  talks  to  you  and 
gets  your  brain  going,”  says  Emmett 
Coin,  ejTalk  CEO  and  industrial  poet. 

The  most  useful  aspect  of  the 
Road’s  Scholar  could  be  its  ability  to 
determine  when  a  driver  is  nodding 
off  and  needs  a  little  mental  stimula¬ 
tion.  Sensors  that  notice  changes  in 
motion  on  mechanisms  such  as  the 
gas  pedal  or  the  steering  wheel  would 
activate  the  system,  and  the  driver 
would  hear,  “I  didn’t  mean  to  startle 
you,  but  you  seem  to  be  less  attentive 
to  the  road  just  now.  Would  you  like  to 
chat  for  a  bit?”  The  driver  would 
respond  with  "yes”  or  even  “sure”  and 
can  take  a  rousing  quiz  about  low-key 
facts,  such  as  state  capitols.  The 
information  has  to  be  entertaining  but 
not  too  entertaining,  Coin  says.  “We 
have  to  keep  things  interesting  but 
have  a  nice  balance  to  not  be  distract¬ 
ing,”  he  says.  “It’s  important  to  keep 
people  safe.”  -Sarah  Johnson 


TECHNOLOGY 

When  Art  Imitates  IT 


AT  MIT’s  technology  museum,  you’ll  Find  an  expressive  robot  and  learn  about  the 
history  of  holography  artists. 


WHILE  THE  TERM  installation  is  typi¬ 
cally  reserved  for  ERP,  CRM  or  even  a 
new  network,  the  MIT  Museum  is  giving 
it  new  meaning.  The  museum  is  treating 
technology  the  same  way  the  Guggenheim 
would  treat  the  latest  work  by  Christo, 
Bill  Viola  or  any  other  modern  artist. 

For  $5,  visitors  can  spend  a  few  hours 
walking  through  the  galleries  and  seeing 
installations  of  artifacts  from  the  history  of 
information  technology,  artificial  intelli¬ 
gence  and  MIT  itself.  Exhibits  include  the 
first  LISP  computer,  which  looks  like  the 
back  of  a  small  refrigerator  spray-painted 
neon  blue;  Phantom,  a  computer  interface 
that  simulates  the  sense  of  touch;  complex 
holograms;  and  even  the  air-tank  pranksters 
used  to  inflate  a  weather  balloon  in  the  mid¬ 
dle  of  the  1982  Harvard- Yale  football  game. 

The  one  knock  is  that  visitors  don’t  get 
to  interact  with  the  exhibits.  This  especially 


takes  away  from  the  artificial  intelligence 
section  of  the  museum.  Reading  about  and 
seeing  a  video  on  Kismet — a  robot  whose 
facial  expression  changes  based  on  the  tone 
of  voice  of  the  person  speaking  to  it — and 


then  seeing  the  actual  doll  protected  from  all 
human  sounds  by  2-inch-thick  glass  is 
downright  frustrating.  Maybe  that’s  pay¬ 
back  for  all  the  teasing  that  curators  and 
artists  took  in  high  school. 
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itelligence  |  Organizational  Intelligence  |  Enterprise  Intelligence  |  Intelligence  Architecture 


How  can  you  increase 
customer  profitability? 


Identify  (and  keep)  your  ■ 
most  valuable  customers? 


SAS  is  all  you  need  to  know, 


Only  SAS  provides  you  with  a  complete  view  of 
your  customers.  So  you’ll  understand  their  needs, 
enhance  their  lifetime  value  and  achieve  greater 
competitive  advantage.  To  find  out  how  leading 
companies  are  reaping  the  rewards  of  SAS 
customer  intelligence,  call  toll  free  1  866  270  5723 
or  visit  us  at  www.sas.com/customer 


The  Power  to  Know, 


are  registered  trademarks  or  trademarks  of  SAS  Institute  Inc.  in  the  USA  and  other  countries.  ®  indicates  USA  registration. 
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On  the  Move 


Compiled  by  Tom  Field 


Busch  and  Morris  Tag-Team  as  Intel  CIOs 


IT  TAKES  TWO  CIOS  to  drive  IT  at  Intel. 
The  Santa  Clara,  Calif.-based  chip  manu¬ 
facturer  recently  named  Douglas  F.  Busch 
and  Sandra  K.  Morris  as  co-CIOs.  The  two 
will  share  equal  responsibility  and  author¬ 
ity.  Busch  will  focus  on  desktop  systems 
and  infrastructure,  and  Morris  on  business 
systems  and  Internet  technology. 

Intel  has  always  had  a  CIO  function,  but 
the  person  carrying  it  out  had  “Director 
of  IT”  not  “CIO”  on  his  business  card. 
“This  is  the  first  formalization  of  the  role,” 
says  Morris.  No  single  event  led  Intel  to 
create  a  formal  CIO  position,  she  says.  “It 
was  more  a  rethinking  at  the  corporate 
level... as  part  of  a  yearly  look  at  Intel  and 
the  progress  we  had  made  in  e-business  in 
the  company.”  The  goal  of  the  two-CIO 
strategy  is  to  provide  equal  focus  on  the  e- 
business  activity  and  that  of  the  IT  group, 
she  adds. 

As  co-CIOs,  Morris  and  Busch  will 
continue  to  work  closely  together,  as  they 
have  since  1997.  “We  have  very  comple¬ 
mentary  skills,”  Morris  says.  With  Intel’s 
71  locations  worldwide,  data  manage¬ 
ment  is  one  of  the  duo’s  top  priorities. 
“It’s  a  business  challenge  as  well  as  a 
technical  challenge,”  Morris  says.  “We’re 
looking  at  how  we  connect  business  sys¬ 
tems  end  to  end,  and  how  we  manage 
data  end  to  end.”  To  address  these  and 
other  challenges,  Morris’s  group  and 
Busch’s  group  will  work  on  certain  proj¬ 
ects  independently  and  others  together, 
but  the  two  CIOs  will  increasingly 
approach  strategic  planning  as  a  team. 
“Doug  and  I  do  a  lot  of  joint  manage¬ 
ment  of  the  programs.  Over  time,  we  will 
do  more  joint  planning  together,”  Morris 
says. 

Both  Morris  and  Busch  have  logged 
several  years  with  Intel.  Busch  joined  the 
company  in  1987  and  has  held  technical 
and  management  positions  in  manufac¬ 
turing,  logistics  and  IT.  Before  being 


named  co-CIO,  Busch  was  the  director 
of  IT.  Prior  to  joining  Intel,  he  was  the 
manager  of  R&D  at  the  Battelle 
Memorial  Institute,  a  Columbus,  Ohio- 
based  R&D  organization  (whose  inno¬ 
vations  include  the  dimpled  protective 
coating  for  golf  balls,  xerography  tech¬ 
nology  used  in  photocopiers  and  the  bar 
codes  used  in  universal  product  codes). 
He  is  also  the  cofounder  of  The  Infor¬ 
mation  Architects  Collaborative. 

Morris  has  been  with  Intel  since  1985, 


when  she  joined  as  a  product  manager.  In 
1999,  she  was  promoted  to  vice  president. 
Before  her  appointment  as  co-CIO,  she 
was  director  of  e-business.  Prior  to  Intel, 
Morris  worked  at  the  RCA  Corp.’s  David 
Sarnoff  Research  Center  in  Princeton,  N.J. 
She  has  also  served  as  a  faculty  member  at 
the  University  of  Delaware,  and  has 
authored  a  book  titled  Multimedia 
Application  Development:  Using  Indeo 
Video  and  DVI  Technology ,  published  in 
1993  by  McGraw-Hill.  -Lafe  Low 


News  of  Other  Moves 


Rick  Zelznak,  former  CIO  of  the  state  of  Arizona,  has  left  that  job  for  a  new  role 
at  Maximus,  a  Tallahassee,  Fla. -based  IT  consultancy.  As  CIO,  Zelznak  directed 
the  state’s  Government  Information  Technology  Agency,  and  he  is  credited  with 
improving  electronic  links  between  citizens  and  government  agencies. 

Robert  Kolb,  a  22-year  IT  veteran  within  the  health-care  industry,  has  been  named  CIO 
of  Alere  Medical,  a  Reno,  Nev.-based  care  management  company.  In  this  new  role,  he 
will  build  and  maintain  technology  platforms  to  accelerate  the  company’s  growth. 
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No  wonder  UNIX  makes  you  feel  boxed  in.  It  ties 
you  to  an  inflexible  system.  It  requires  you  to  pay  for 
expensive  experts.  It  makes  you  struggle  daily  with  a 
server  environment  that’s  more  complex  than  ever. 


Now  for  the  solution.  Microsoft  and  Unisys  have 
joined  together  to  offer  you  a  UNIX  alternative. 

By  teaming  the  Unisys  ES7000  server  with  the 
Microsoft®  Windows*  2000  Datacenter  operating  system, 
we ’re  bringing  a  high  performance  server  solution  to  the 
enterprise  market.  A  solution  that  provides  the  flexibility 
and  agility  you  need  in  today’s  web-driven  world. 
Without  sacrificing  any  of  the  reliability  and  scalability 
you  demand. 

So,  if  your  server  environment  has  closed  you  in, 
let  us  help  you  escape.  Microsoft  and  Unisys. Two  smart 
companies,  one  brilliant  solution. 

Learn  more  about  how  the  ES7000  and  Windows 
2000  Datacenter  can  simplify  your  server  environment. 

Contact  us  for  your  free  copy  of 

“TRENDS  IN  LARGE  DATA  CENTERS 
CANDID  INTERVIEWS 
WITH  300  TOP  IT  EXECUTIVES  ” 


WE  HAVE 
YOUR  WAY  OUT. 


www.  We  H  a  ve  T  h  e  Way  O  u  t .  c  o  m 
info@WeHaveTheWayOut.com 
Toll-free:  800-548-3443 
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Virtual 


Court 


THOUGH  VIRTUAL  TRIALS  may  lack  the  caustic 
quips  or  acerbic  edge  of  Judge  Judy  you  may  soon  be 
able  to  watch  them  online.  The  state  of  Michigan  is  the 
first  in  the  nation  to  create  a  cybercourt  where  people 
can  plead  their  case  without  setting  foot  in  a  courtroom. 

Set  to  debut  in  October,  the  court  will  begin  by  handling 
business  disputes  in  excess  of  $25,000.  Matt  Resch,  deputy 
press  secretary  for  Michigan  Gov.  John  Engler,  says  the 
governor  signed  the  bill  into  law  in  hopes  that  the  prom¬ 
ise  of  speedy  resolutions  to  business  lawsuits  would  attract 

companies — particularly  technology  companies — to  the  state.  the  involved  parties  to  meet  via  videoconference  and  submit  evidence 

“It’s  difficult  to  get  slower  than  our  current  judicial  system,”  says  over  the  Internet.  Only  the  judge  is  required  to  be  in  the  state  dur- 

Todd  Harcek,  chief  of  staff  for  Rep.  Marc  Shulman  (R-West  ing  the  proceedings.  To  prevent  wasting  the  court’s  time,  there  is  a 
Bloomfield),  who  proposed  the  bill.  The  cybercourt  system  will  allow  $200  filing  fee,  and  all  parties  have  to  agree  to  the  rules  of  the  cyber¬ 
court  before  proceeding,  including 
allowing  the  judge  to  render  a  decision 
without  a  jury  present. 

At  press  time,  the  Michigan  Supreme 
Court  was  still  ironing  out  the  final 
details  with  a  legislative  oversight  com¬ 
mittee,  but  Harcek  is  assured  there  will 
be  adequate  security  when  the  trials 
begin.  Since  the  public  still  has  the  legal 
right  to  view  proceedings,  the  site 
would  have  to  be  secure  enough  to 
keep  certain  documents  contained  but 
accessible  enough  for  people  to  see 
what’s  happening  just  as  they  would  in 
a  regular  courtroom.  Resch  says  the 
virtual  court  will  cost  an  estimated 
$250,000  to  set  up,  and  those  funds 
will  come  largely  from  the  judiciary 
budget  already  in  place. 


WITH  SYSTEMS  INTEGRATION  issues  con-  it 

sistently  making  CIOs’  top  10  lists  of  Important  - 

Things  to  Do  This  Year,  colleges  are  taking  the  hint 
and  awarding  specialized  degrees  in  the  field.  First 
off  the  mark  is  Marlboro  College  in  Brattleboro,  Vt., 

which  just  announced  plans  to  launch  a  master's  program  in  systems  integration  management 
in  September  2002. 

The  degree  isn’t  as  geeky  as  it  may  sound.  The  program  will  include  courses  on  proj¬ 
ect  management,  business  systems  analysis,  legal  and  ethical  issues,  and  standard  tech¬ 
nical  topics.  It’s  meant  to  be  as  much  about  people  and  processes  as  it  is  about  routers 
and  CPUs.  “The  huge  issue  about  integration  is  not  technology,  where  the  solutions  are 
reasonably  well-defined.  The  huge  issue  is  governance.  The  messy  change  management 
side  of  integration  is  where  things  are  falling  down,”  says  Paul  LeBlanc,  founder  of  The 
Graduate  Center  and  president  of  Marlboro  College. 

He  adds  that  when  companies  have  spent  millions  of  dollars  on  systems  that  don’t  yield 
business  payback  because  the  systems  can't  exchange  information,  senior  executives  sit  up 
and  take  notice.  "They  are  increasingly  seeing  it  as  a  business  issue,”  he  says.  Funny  how  a 
direct  hit  to  the  bottom  line  will  do  that.  Learn  more  about  Marlboro  College’s  systems  inte¬ 
gration  management  program  at  www.gradcenter.marlboro.edu.  -Carol  Hildebrand 


Integration  U 


feedback _ 

Responses  or  ideas  for  Trendlines? 
E-mail  Features  Editor  Lafe  Low  at 
llow@cio.com. 


"GLORY  IS  FLEETING,  BUT  OBSCURITY  IS  FOREVER.’  -Napoleon  Bonaparte  (1769-1821) 
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See  where  I’m  coming  from .  It  takes  vision  to  know  what  your  customers 

want.  Now  Accenture  has  teamed  with  Avaya  to  provide  leading-edge  CRM  solutions  that  do  more  than 
just  connect  customers,  but  help  anticipate  their  needs.  Whether  it's  phone,  email  or  web,  Avaya 's 
intelligent  voice  and  data  technology  and  Accenture's  visionary  CRM  expertise  help  you  make  the  most 
of  your  investment.  Let  Avaya  power  your  business  to  make  every  contact  count.  Visit  avaya.com/learnmore. 


> 

accenture  AVAyA 
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Bird  Calling 


By  Ben  Wort  hen 


ONE  STORY  MAKING  the  rounds  on  the  Web  is  that  birds  living 
in  urban  areas  have  started  to  mimic  the  rings  of  cell  phones  in 
their  songs.  It’s  a  potential  nuisance  of  Hitchcockian  proportions. 
A  single  starling  chirping  by  a  sidewalk  cafe  could  cause  hundreds 
of  cases  of  tennis  elbow  as  socialites  and  yuppies  reach  for  their 
phones.  More  terrifying  is  the  carnage  a  winged  beast  could 
unleash  if  it  were  unable  to  differentiate  between  the  coo  of  a 
mate  and  the  ring  of  a  young  woman’s  cell  phone.  It’s  chilling. 
Fortunately,  it  isn’t  true. 

John  Bianchi,  a  spokesman  for  the  National  Audubon  Society, 
says  that  while  there  have  been  documented  cases  of  birds  repeat¬ 
ing  car  alarms  and  the  beep  trucks  make  when  they  back  up,  they 
simply  don’t  hear  enough  cell  phone  rings  to  learn  the  call.  “If 
you  put  a  starling  in  a  cage  and  played  [a  cell  phone  ring]  over 
and  over  again,  it  would  get  it,”  Bianchi  concedes.  But  a  bird 
being  attracted  to  a  cell  phone  ring  “is  something  that  no  one  needs 
to  worry  about — ever.” 

A  more  pressing  problem,  at  least  to  the  ornithologists,  is  that 
noise  pollution  has  caused  some  birds  in  big  cities  to  lose  their 
ability  to  sing.  “Singing  is  a  learned  activity;  it  is  not  innate,” 
Bianchi  says.  “In  some  big  cities  where  there  is  a  lot  of  noise, 
groups  of  birds  don’t  remember  or  know  their  full  song.” 


What  We’re  Buying 


By  Lafe  Lo 


w 


WHEN  YOU  LOOK  at  the  IT  shopping 
lists  of  most  companies,  CRM  technology 
is  consistently  at  the  top.  In  fact,  CRM 
spending  will  outpace  spending  in  other 
infrastructure  technology  categories 
such  as  content  management  and 
supply  chain  management,  according 
to  a  recent  report  from  Jupiter  Media 
Metrix. 

U.S.  businesses,  26  percent  of  those 
surveyed,  are  expected  to  spend  $500,000  or  more  on  CRM 
technology  over  the  next  two  years.  According  to  survey 
responses,  spending  levels  on  CRM  are  forecast  to  rise  from 
$9.7  billion  in  2001  to  $16.5  billion  in  2006.  Investments  in 
analytical  CRM  packages  such  as  marketing  applications  are 
expected  to  swell  from  $5.2  billion  in  2001  to  $8.7  billion  in 
2006.  This  segment  will  ultimately  account  for  53  percent  of 


RELATIONSHIP 

MANAGEMENT 


the  CRM  market.  Spending  on  CRM  technology  for  opera¬ 
tional  contact  centers,  which  currently  accounts  for  54  per¬ 
cent  of  CRM  spending  levels,  should  remain  constant  for  the 
next  five  years,  then  slow  in  2006  as  that  segment  of  the 
market  matures. 

Among  industry  sectors,  Jupiter  expects  financial  services 
companies  to  buy  up  the  most  CRM  technology,  and  spend¬ 
ing  forecasts  to  grow  from  $3.1  billion  in  2001  to  $5.4  billion 
in  2006.  Other  market  segments  investing  heavily  in  CRM 
include  retail  and  telecommunications.  Retail  CRM  spending 
could  reach  $3.2  billion  in  2006,  up  from  $1.7  billion  in 
2001.  Telecommunications  companies  could  spend  as  much 
as  $2.9  billion  in  2006,  up  from  $1.9  billion  in  2001. 

The  growth  in  CRM  investments  is  following  the  need  for 
technology  to  back  up  electronic  customer  contact.  The 
same  report  indicates  that  online  customer  service  contacts 
will  grow  from  870  million  in  2001  to  4.7  billion  in  2006. 
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EXPERIENCE 
THE  POWER  OF 
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WHAT  DOES 


.IVEBUSINESS 


MEAN  TO  YOU? 


RECEIVE  YOUR  COMPLIMENTARY 
LIVEBUSINESS  SOLUTIONS  KIT: 


WWW.DATAMIRROR.COM/LIVEBUSINESS 


When  your  technology  is  integrated  and  available  in  real-time,  your  organization 
can  compete  more  effectively  in  today’s  economy.  DataMirror’s  LiveBusiness 
framework  is  designed  to  help  companies  across  all  industries  rapidly  and 
cost-effectively  integrate  the  different  applications,  databases  and  computer 
systems  that  drive  their  business.  When  you  connect  people  to  real-time 
information,  you  can  achieve  competitive  advantage  and  real  business  benefits 
including  increased  business  agility,  productivity  and  responsiveness  to  customers. 

OVER  1,500  CUSTOMERS  USE  DATAMIRROR  SOFTWARE  TO  INTEGRATE  THEIR  DATA. 


I  Data  Mirror 

ZVWW.DATAMIRROR.COM  1  800  362  5955 


Copyright  ©  2002  DataMirror  Corporation.  All  rights  reserved.  DataMirror,  LiveBusiness  and  The  experience  of  now  are  trademarks  or  registered  trademarks  of  DataMirror  Corporation. 

All  other  brand  or  product  names  are  trademarks  or  registered  trademarks  of  their  respective  companies. 
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FOCUS  ON  TRAINING 

CIO’s  most  recent  IT  staffing  survey 

found  that  IT  training  is  the  most  utilized 


benefit  in  hiring  and  keeping  IT  employees, 
increasing  10  percent  in  January  2002  from 
November  2000  levels.  Monetary  incentives 
to  sign  on  with  or  stay  at  organizations  are 


less  common,  with  the  use  of  hiring  bonuses 
and  staying  bonuses  continuing  to  drop  by 
43  percent  and  47  percent  respectively  from 
November  2000  to  January  2002. 


CIO  RESEARCH 


Companies  Place  a  Continued  Focus  on  Training 

What  benefits  do  you  offer  to  attract  or  retain  IT  staff? 


Companies  Report  that  Monetary  Rewards  Are  on  the  Wane 

How  are  you  enticing  your  employees  to  stay? 


It  Is  Clear  that  Skilled  Employees  Are  Still  in  Demand 

In  your  opinion,  do  you  believe  that  there  is  an  IT  staffing  crisis  or  an  IT  skills  crisis? 


2000  2001  2002 

STAFFING  CRISIS 


2000  2001  2002 

SKILLS  CRISIS 


2000  2001  2002 

A  STAFFING  CRISIS 
AND  A  SKILLS  CRISIS 


2000  2001  2002 

NEITHER 


Best  Practices 

Use  current  employees  to  train 
each  other.  Training  doesn't 
have  to  be  in  the  classroom. 
Instead,  share  in-house  know¬ 
how  using  existing  means, 
such  as  your  company's 
intranet. 

Get  vendors  to  train  workers. 

Patricia  Kennedy,  COO,  and 
Kelly  Knight,  IT  director  at 
Acsys,  a  staffing  services  com¬ 
pany  based  in  Ipharetta,  Ga., 
suggest  that  CIOs  offload  train¬ 
ing  to  vendors.  “Ask  your  ven¬ 
dors  to  provide  some  online  or 
videoconferencing  sessions  for 
your  staff,"  she  says. 

Communicate.  If  you’re  cutting 
training,  be  open  and  honest 
with  your  staff  about  why. 
Kennedy  recommends  that 
CIOs  listen  to  their  employees 
and  address  their  needs  directly. 
“Your  staff  will  tell  you  what 
they  need  in  terms  of  training 
and  job  satisfaction,”  she  says. 


Application  Developers  Wanted  What  IT  skills  are  most  in-demand  in  your  organization? 


DATABASE 

MANAGEMENT 


WEBSITE 

DEVELOPMENT 


36% 


SECURITY/ 
USER  SUPPORT 


HELP  DESK/ 
USER  SUPPORT 


OTHER 


CIO's  IT  staffing  survey  was  administered  online  from  Jan.  1  through  Jan.  28,  2002.  Results  shown  here  are  based  on  the  responses  of  278  IT  professionals.  For  the  most  part,  survey 
respondents  had  hiring  responsibility  in  their  organization  (89  percent). 
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When  RIM,  developer  of  BlackBerry™,  needed  a  reliable  network  partner,  they  looked  to  us.  So  it's 
only  natural  that  we  chose  BlackBerry  as  a  wireless  e-mail  solution  for  our  customers.  Handling 
over  9  million  secure  e-mails  everyday,  we  help  businesses  keep  things  moving  by  sharing 
information  anytime  and  anywhere.  It's  just  one  way  we  help  build  wireless  solutions  around  our 
customers'  specific  needs.  Maybe  it's  time  we  talked.  Give  us  a  call  at  1-866-446-7594,  or  visit  us  at 
www.cingular.com/business.  Also,  feel  free  to  download  our  "orange"  paper,  Executive  Guide  to 
Wireless  Data  Strategies,  when  you  visit  our  website. 
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What  do  you  have  to  say?” 
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Cingular  Wireless,  "What  do  you  have  to  say?"  and  the  graphic  icon  are  Service  Marks  of  Cingular  Wireless  LLC.  ©2002  Cingular  Wireless  LLC.  The  BlackBerry  and  RIM  families  of  related  marks,  images  and  symbols  are  the  exclusive  properties  and  trademarks  or 
registered  trademarks  of  Research  In  Motion  Limited  -  used  by  permission.  The  RIM  950  and  RIM  957  wireless  handhelds  operate  on  the  Cingular  Network. 
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The  Hardest 

Job  in  IT 

A  person  could  get  shot  for  saying  this,  but  chief 
information  officer  is  not  the  hardest  job  in 
information  technology.  Technology  sales  is  harder. 

BY  JERRY  GREGOIRE 

CIOS  GET  70  PERCENT  of  their  information  about  new  and  quickly  evolv¬ 
ing  technologies  directly  or  indirectly  from  salespeople,  accord¬ 
ing  to  a  study  done  for  The  Wall  Street  Journal.  Scary,  but  not 
surprising.  It’s  no  secret  that  I’ve  never  been  real  fond  of  tech¬ 
nology  salesmen  or  their  endless  shenanigans,  but  still,  I  have 
to  give  these  folks  their  due.  As  hard  as  a  CIO  job  seems  some¬ 
times,  it’s  difficult  to  conceive  of  anything  harder  than  selling 
software.  Imagine  making  your  living  selling  broken  stuff — 
code  with  more  bugs  than  a  cathouse  mattress.  Or  having  to 
routinely  promise  features  that  don’t  yet  and  may  never  exist  (a 
practice  known  as  overhanging  the  market),  at  prices  that  bear 
no  earthly  resemblance  to  the  product  or  service  being  rendered. 

There’s  a  book  I  think  you  and  all  of  your  managers  should 
read  called  How  to  Sell  Technology:  Technology  Sales  Is  a 
Premeditated  Sport ,  by  Paul  DiModica.  It’s  not  Ulysses  and 
it’s  not  likely  to  be  made  into  a  screenplay  anytime  soon,  but 
it’s  a  worthwhile  read  for  a  couple  of  reasons.  First,  it  goes  a 
long  way  toward  explaining  why  salespeople  do  some  of  the 
weird  things  they  do,  and  second,  this  book  can  be  a  valuable 
tool  for  teaching  your  folks  how  to  sell  technology  projects 
within  your  company.  Oh,  and  while  you’re  at  it,  give  a  copy 


to  your  administrative  assistant.  I’m  sure  he  will  get  a  big  kick 
out  of  the  section  on  the  six  ways  to  “get  past  the  gatekeeper,” 
particularly  the  “intimidation  method.” 

I  happened  across  How  to  Sell  Technology  on  the  Internet. 
DiModica’s  website  ( www.itsalestraining.com )  promotes  the 
book  like  an  infomercial,  promising  to  reveal  “secret  proven 
formulas”  and  “dramatically  increase  your  income  and  closing 
ratio,”  complete  with  glowing  and  untraceable  testimonials  and 
a  free  bonus  if  you  order  the  manual  within  the  next  24  hours 
(24  hours  from  when,  it  didn’t  say).  Expecting  the  worst,  I  paid 
my  hundred  bucks,  and  in  a  couple  of  weeks,  the  120-page  soft- 
cover,  ring-bound  manual  arrived.  On  the  front,  a  youngish 
looking  man  (who  I  assumed  at  the  time  was  DiModica),  wear¬ 
ing  a  David  Byrne-size  jacket,  leaps  into  the  air  and  points  at 
the  sky.  That  evening  I  pulled  up  a  chair  in  my  workshop  and 
flipped  to  the  first  section,  “Perception  Is  Reality.”  What  a  way 
to  start,  I  thought.  I  set  the  book  down  and  went  to  get  a  beer. 
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This  is  the  FOREMAN 

That  placed  the  Order 

That  went  through  the  Dealer 

That  notified  Contracts 

That  alerted  Manufacturing 

That  checked  with  Accounting 

That  contacted  Shipping 

That  sent  the  Delivery 

That  sealed  the  Process 

That  lives  in  the  Business  Integration  Software 

That  we  built  Together. 


CROSSWORLDS* 


CrossWorlds  has  joined  with  IBM  to  provide 
comprehensive  business  integration  from  your 
first  step  to  the  finish.  Our  technology  powers  WebSphere®  to  not  only 
just  connect  your  applications  —  but  make  all  your  processes  work 
together.  For  the  whole  story,  visit  ibm.com/websphere/crossworlds 


CIO  Observer 


It’s  kind  of  a  shame  they  didn’t  take  a  more  dignified 
approach  to  marketing  this  book.  My  guess  is  that  it  will  be 
overlooked  by  a  lot  of  people  who  will  assume  that  the  con¬ 
tents  are  just  as  hollow  as  the  website.  In  fact,  the  book  deserves 
a  lot  more  respect  than  that.  DiModica  opens  with  an  admon¬ 
ishment  that  ought  to  hang  on  the  wall  of  every  CIO’s  office.  It 
reads:  “If  you  can’t  pick  up  the  phone  and  cold-call,  or  handle 
the  objections  from  a  tough  chief  executive  officer  of  a  large 
company  or  the  drilling  probing  of  a  small  business  owner 
because  you  are  afraid,  then  you  should  get  out  of  technology.” 

Amen. 

Sadly,  many  great  ideas  have  gotten  lost  in  the  explanation. 
The  ill-prepared  messenger,  kicked  in  the  teeth  so  often  he  could 
headline  in  Branson,  eventually  learns  it’s  safer  just  to  turn  in  the 
direction  of  the  skid. 

Using  case  studies  and  exercises,  the  book  goes  on  to  describe 


If  selling  computer  software  and  services  were  an  Olympic 
Paul  DiModica  would  be  tested  for  steroids. 


sport, 


an  approach  to  selling  technology  and  big  projects  that  is  at 
once  creepy  in  the  way  it  manipulates  situations  and  language, 
and  inspired  in  its  directness,  simplicity  and  packaging.  Some 
of  the  material  will  probably  be  a  little  disturbing  for  those  of  us 
who’ve  spent  most  of  our  working  lives  on  the  receiving  end 
of  the  pitch.  And  some  of  the  tactics  DiModica  recommends  are 
shortsighted,  to  say  the  least.  But  these  are  problems  the  reader 
can  easily  spot  and  correct. 

DiModica  and  I  met  in  a  restaurant  in  Buckhead,  Ga.,  to  talk 
about  his  book.  He  is  not  the  youngish  man  on  the  cover.  If 
selling  computer  software  and  services  were  an  Olympic  sport, 
Paul  DiModica  would  be  tested  for  steroids.  Smart,  earnest, 
hyper,  a  little  long-winded  and  a  genuinely  nice  guy,  I  barely  said 
more  than  hello  before  he  launched  into  a  soliloquy  on  his  book 
that  threatened  to  break  30  minutes.  Sensing  he  was  about  to 
take  a  breath,  I  interrupted. 

Gregoire:  Paul,  are  you  selling  all  the  time?  Do  you  ever  stop  selling? 
DiModica:  I  don’t  know.  Probably  not. 

Why  are  so  many  of  the  salespeople  I’ve  come  across  so  hard  to 
put  up  with? 

Most  salespeople  have  no  clue  how  to  sell.  The  most  impor¬ 
tant  thing  we  teach  in  our  program  is  respect  for  the  senior 
executive  and  his  time.  There  are  262,000  technology  compa¬ 
nies  in  the  United  States.  So  let’s  say  10,000  of  them  think  they 
have  something  to  sell  you.  That’s  a  lot  of  traffic  coming  to  your 
desk — mail,  phone  calls.  Now,  let’s  say  I’ve  got  a  great  new 
company  with  an  unbelievable  new  technology.  I  will  never 
get  to  you  unless  I  can  create  great  communication,  address 


your  problems  (pain)  and  intrigue  you  enough  to  want  to  speak 
with  me  for  20  minutes.  I’ve  got  to  show  respect,  be  succinct 
and  accurate,  get  in,  get  out  and  not  waste  anybody’s  time. 
Most  salespeople  don’t  know  how  to  do  that. 

So  what  are  the  top  mistakes  people  make  when  selling  technology? 

Well,  first  of  all,  most  of  them  come  to  sell  instead  of  listen. 
They’re  not  prepared,  and  they  tend  to  shoot  from  the  hip. 
Second,  they  don’t  know  what  they’re  selling. 

They  don’t  understand  their  product? 

No,  it’s  deeper  than  that.  They  don’t  understand  the  value  of 
what  they’re  selling  and,  consequently,  can’t  explain  its  value. 
Ajnd  third,  they  sell  technology  instead  of  a  solution. 

Do  you  think  we  underappreciate  technology  salespeople? 

Oh,  yeah!  They’re  unbelievably  underappreciated.  It’s  because 
of  the  pressure — the  churn  and  burn.  Buy  cycles  are  always 
different  and  longer  than  sell  cycles,  and  it’s  always  a  question  of 

how  to  make  quota.  The  pressure 
is  tremendous.  CRM  systems  have 
raised  the  visibility  of  what  we  do 
to  the  point  where  every  minute  of 
every  day,  every  meeting,  every  fore¬ 
cast  is  constantly  being  evaluated. 
So  why  would  anyone  want  to  be  a  salesman? 

Good  question.  The  pay  is  good,  if  you’re  good  at  it.  It’s  inde¬ 
pendent;  you  have  the  ability  to  be  on  your  own.  It’s  ego  too — 
it’s  for  people  who  like  to  win. 

Ah,  Yes,  Winning 

Many  of  the  IT  folks  we  all  know  are  far  more  comfortable 
with  processes  than  people.  Two  of  the  most  important  yet 
often  overlooked  soft  skills  we  should  develop  in  our  up-and- 
coming  managers  are  the  ability  to  address  an  audience  with¬ 
out  staring  at  their  shoes  and  the  ability  to  explain  (sell)  worth¬ 
while  projects  to  management. 

Years  ago,  fed  up  with  wasting  time  and  money  on  presen¬ 
tation  skills  seminars,  I  began  signing  my  people  up  for  acting 
classes  at  the  local  community  theater.  At  graduation,  each 
was  expected  to  take  a  role  in  a  public  performance  during 
that  year’s  theater  season,  for  which  the  entire  department 
would  always  turn  out.  It  did  wonders  for  their  confidence 
and  poise.  (I  can’t  say  it  did  much  for  the  community  theater’s 
longtime  director,  who,  rumor  has  it,  was  so  deeply  traumatized 
he  was  last  seen  wandering  shoeless  in  North  Dakota.) 

The  next  step,  had  I  thought  of  it  at  the  time,  would  have  been 
a  week  or  so  studying  DiModica ’s  program. 

Trust  me.  Buy  the  book.  BE] 

Editor  at  Large  Jerry  Gregoire  is  the  former  CIO  of  Dell 
Computer  and  Pepsi-Cola.  He  is  haunted  by  reader 
feedback  at  jgregoire@cio.com . 
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INTUITION 


Intuition  is  the  application  of  knowledge  based  on  experiences,  patterns  and  trends. 
Technology  alone  has  no  intuition.  It's  incapable  of  anticipating  or  adapting.  Don't 
mistake  technology  for  security.  At  best  it's  a  mechanical  solution  to  an  organic  problem. 
Intuition  is  the  human  trait  that  separates  us  from  machines,  and  it's  intuition  that 
allows  us  to  dynamically  create  strategies  rather  than  mere  solutions. 
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information  is  naked. 

Intuition  leads  to  innovation.  Not  simply  to  solutions,  but  innovative  technologies  able  to  deliver  and 
execute  intelligent  strategies.  Technology  itself  must  constantly  be  questioned,  analyzed  and  expanded 
in  directions  that  are  yet  to  exist.  Using  intuition  to  anticipate  the  future  is  the  only  way  to  secure 
information  in  the  present. 

Identifying  new  viruses,  finding  malicious  code  and  logging  security  breaches  are  no  longer  enough. 
Intuitive  Information  Security  is  the  melding  of  innovative  technology  and  human  intuition  so  that  unique 
strategies  can  be  applied  to  ever-changing  problems.  Strategies  that  are  deployed  by  tools  able  to  under- 
stand  where  information  is  vulnerable  and  how  best  to  protect  it.  From  the  desktop  to  the  file  server. 
From  the  email  server  to  the  Internet  gateway.  From  the  home  PC  to  wireless  devices  —  everywhere 
there  is  information. 

Some  may  not  believe  that  this  is  possible.  But  to  those  who  do,  a  new  level  of  information  security  will 
emerge.  One  that  is  proactive  rather  than  reactive.  One  that  uses  intuition  and  technology  to  do  what  was 
once  done  manually.  And  most  important,  one  that  allows  the  emphasis  to  change  from  packaged 
solutions  to  evolving,  intelligent  strategies. 

Intuitive  Information  Security  is  as  much  a  philosophy  as  it  is  a  technology.  Without  intuition,  information 
is  naked.  To  accept  this  simple  principle  is  to  embrace  the  philosophy  of  go-red.  And  it  is  the  basis  of 
all  of  our  products  and  services. 
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CXO  Perspectives 

Views  from  the  Executive  Suite 


Show  Me 
the  Value 

Your  CEO  is  counting  on  you  to  make  sure 
technology  investments  really  pay  off 

BY  JACK  BRENNAN 

THERE’S  A  GREAT  SCENE  in  the  1983  comedy  Trading  Places  when 
the  main  character,  a  snooty  commodities  broker  played  by 
Dan  Aykroyd,  gets  fired  and  is  forced  to  pawn  his  expensive 
wristwatch. 

“This  is  a  Roche  Vouceau,”  Aykroyd’s  character  tells  the 
Philadelphia  pawnbroker.  “The  finest  water-resistant  watch  in 
the  world.  Singularly  unique,  sculptured  in  design,  handcrafted 
in  Switzerland  and  water-resistant  to  three  atmospheres.  This 
is  the  sports  watch  of  the  ’80s.  $6,955  retail!” 

“You  got  a  receipt?”  the  pawnbroker  asks. 

“It  tells  time  simultaneously  in  Monte  Carlo,  Beverly  Hills, 
London,  Paris,  Rome  and  Gstaad,”  Aykroyd  replies. 

“In  Philadelphia,”  says  the  pawnbroker,  “it’s  worth  50 
bucks.” 

Philadelphia  pawnshops  aren’t  the  only  places  where  value 
is  subject  to  debate.  When  it  comes  to  business  technology  these 
days,  companies  are  asking  hard  questions  about  outlays  for 
new  initiatives. 

Many  companies  stopped  asking  tough  questions  during 
the  tech-spending  frenzy  of  the  late  1990s.  Having  resigned 


themselves  to  spending  large  sums  on  Y2K  compliance,  com¬ 
panies  soon  jumped  on  the  consultant-driven  bandwagon  for 
the  Internet  “revolution.”  No  one  asked,  “What’s  the  return 
on  this  project?” — if  they  did,  they  were  treated  as  bean  coun¬ 
ters  with  no  vision. 

During  the  last  two  years,  we’ve  seen  the  pendulum  swing 
again.  In  an  era  of  tight  budgets  and  slower  growth,  technol¬ 
ogy’s  hottest  toys  aren’t  worth  much  today  unless  they  deliver 
real  value  to  the  business. 

Value  for  Whom? 

From  my  perspective  as  a  CEO,  the  operative  question  in 
assessing  IT  value  is,  Value  from  whose  point  of  view?  Cus¬ 
tomers,  the  folks  in  the  back  office  and  shareholders  don’t 
always  have  a  common  view  of  what  constitutes  a  good  tech¬ 
nology  investment. 
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Customers.  In  the  eyes  of  your  customers,  any  technology  ini¬ 
tiative  is  worthwhile  if  it  makes  your  company  easier  and  more 
convenient  to  deal  with.  Take  the  most  visible  manifestation 
of  technology  in  business:  the  Web  channel,  where  your  cus¬ 
tomers  come  to  learn  about  your  company  and  buy  its  prod¬ 
ucts  and  services.  In  the  investment  industry,  clients  clamored 


Technology  initiatives  that  are  designed  to 
meet  a  perceived  customer  or  employee  need 
must  also  provide  value  to  the  shareholder. 


for  online  account  access  and  got  it,  even  though  it  might  not 
have  been  in  their  best  interest.  Easy  trading  can  tempt 
investors  to  buy  and  sell  excessively,  often  turning  a  big  nest 
egg  into  a  small  one. 

Employees.  The  people  who  work  with  you  define  technol¬ 
ogy  value  differently.  To  them,  the  most  worthwhile  initiatives 
are  those  that  make  their  job  more  interesting  or  free  them  up  to 
perform  more  value-added  tasks.  In  the  investment  industry,  the 
advent  of  automated  transaction  capabilities  a  decade  ago 
meant  that  our  people  no  longer  had  to  manually  process  every 
purchase,  redemption  or  exchange.  Instead,  they  could  process 
by  exception,  focusing  on  transactions  that  required  special 
attention. 

Shareholders.  Though  it’s  important  to  serve  the  needs  of 
customers  and  employees,  for  most  companies  it  is  the  share¬ 
holder’s  definition  of  value  that  ultimately  matters  most.  What’s 
the  return  on  the  investment?  Will  this  new  initiative  provide 
economic  value  by  improving  quality,  cutting  costs  or  increasing 
revenue?  To  justify  their  existence,  technology  initiatives  that  are 
designed  to  meet  a  perceived  customer  or  employee  need  must 
also  provide  value  to  the  shareholder. 

While  the  shareholder’s  definition  is  the  one  that  must  carry 
the  most  weight,  major  technology  investments  should  be  exam¬ 
ined  from  all  three  perspectives.  To  make  sure  that  this  occurs 
at  Vanguard,  we  typically  appoint  an  advocate  for  each  point 
of  view  when  we  consider  the  business  case  for  a  major  invest¬ 
ment.  Having  people  sit  in  those  chairs,  figuratively  speaking, 
can  be  a  good  way  to  ensure  disciplined  thinking  about  value. 
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Does  your  CEO  understand  IT 
value?  Go  to  CIO  READER  POLL 
at  www.cio.com/readerpoll. 


The  Right  Stuff 

A  fundamental  rule  about 
assessing  IT  value  is  that 
spreadsheets  don’t  tell  the 
whole  story.  There  are  mul¬ 
tiple  valuation  approaches 


for  analyzing  the  expected  return  on  a  new  initiative  (Vanguard 
happens  to  favor  net  present  value),  but  no  matter  which 
method  you  use,  you  cannot  ignore  your  business  judgment  and 
intuition.  Basing  technology  spending  decisions  on  numbers 
alone  can  be  penny-wise  and  pound-foolish. 

When  we  first  decided  to  develop  an  online  presence  for 
Vanguard  in  the  early  1990s,  it  was  all  based 
on  gut  instinct.  We  believed  intuitively  that 
online  account  access  would  enable  us  to  reduce 
the  costs  of  serving  our  clients — and,  indeed, 
that  later  proved  to  be  true — but  at  the  time, 
we  had  no  numbers  to  back  that  up  because 
the  Internet  was  so  new. 

The  CIO  and  the  CEO  have  an  intuitive 
sense  of  where  the  shareholder  value  is  in  a 
given  technology  initiative.  It’s  the  CIO’s  role  to  ensure  that 
the  enterprise  is  harnessing  the  very  best  technology  capa¬ 
bilities  for  its  broad  strategic  priorities.  One  important  ques¬ 
tion  to  ask  when  considering  any  major  project  is,  Can  this 
technology  be  leveraged  across  business  segments  to  serve 
multiple  needs? 

It’s  essential  to  distinguish  fads  from  substance,  and  here 
again,  the  CIO’s  business-technology  perspective  is  invalu¬ 
able.  For  example,  news  reporters  not  long  ago  were  asking 
every  investment  company,  When  will  you  offer  wireless  trad¬ 
ing  to  your  clients?  At  Vanguard,  we  felt  that  the  capability 
to  make  trades  while  stuck  in  rush-hour  traffic  didn’t  make 
much  sense  for  buy-and-hold  mutual  fund  investors.  Thus, 
we  offered  wireless  access  to  select  brokerage  clients  through 
an  outside  vendor  as  an  accommodation,  but  we  put  greater 
R&D  focus  on  the  development  of  analytical  tools  to  help 
clients  become  better  investors. 

One  assessment  tool  that  our  senior  staff  has  come  to  rely 
on  to  distinguish  fads  from  substance  is  the  devil’s  advocacy  ses¬ 
sion.  In  these  gatherings,  two  teams  rigorously  debate  the  pros 
and  cons  of  a  particular  course  of  action  from  multiple  per¬ 
spectives.  Fads  tend  to  lose  their  allure  when  subjected  to  such 
rigorous  examination. 

Threats  to  Value 

Having  the  right  value  focus  isn’t  the  whole  story.  Companies 
still  face  three  stumbling  blocks  on  the  path  to  effective  and 
efficient  business  technology  solutions. 

Rushing  toward  a  solution.  The  biggest  pitfall  in  business  tech¬ 
nology  decision  making  is  probably  the  rush  to  embrace  a  solu¬ 
tion  without  fully  understanding  the  underlying  need.  Defining 
the  problem  accurately  should  be  the  first  step,  and  here  the 
CEO  looks  to  the  CIO  to  play  an  active  role.  It’s  important  to 
recognize  that  technology  isn’t  the  solution  to  every  problem. 
Losing  the  focus  on  value.  Most  companies  do  a  pretty  thor- 
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ough  job  of  assessing  the  potential  value  up  front,  but  then 
they  may  forget  to  keep  that  goal  in  the  forefront  as  the  proj¬ 
ect  moves  forward.  It’s  impor¬ 
tant  to  view  value  in  light  of  the 
development  and  ongoing  costs 
associated  with  the  project.  And 
just  to  be  very  clear,  staying 
focused  and  disciplined  is  just  as 
much  on  the  shoulders  of  the 
business  sponsor  as  on  the  IT  group.  In  fact,  it’s  our  view  at 
Vanguard  that  the  business  management  team  should  be  tak¬ 
ing  the  lead  on  business  technology  projects,  looking  to  IT  for 
facilitation  but  not  leadership. 

Forgetting  to  measure  the  results.  No  project  is  complete 
without  a  means  for  measuring  how  well  it  is  delivering  the  value 
that  was  intended.  At  Vanguard,  we’ve  implemented  a  version  of 
Six  Sigma,  and  that  data-driven  methodology  is  proving  to  be 
an  invaluable  tool  for  evaluating  technology  initiatives.  Whereas 
in  the  past  we  relied  on  anecdotal  data — client  e-mails,  for  exam¬ 
ple — to  assess  new  website  enhancements,  we  now  look  at  an 
array  of  objective  statistical  data.  For  example,  after  enhancing 
the  area  where  clients  can  open  new  accounts  online,  we  moni¬ 


tor  how  many  attempts  to  use  that  feature  are  abandoned  with¬ 
out  being  completed,  and  then  we  make  improvements. 


It  seems  unimaginable  to  pursue  business  technology  solu¬ 
tions  without  measuring  the  value  provided.  How  else  can 
you  answer  the  question,  What  did  we  get  for  our  money? 
In  those  efforts,  the  CIO  has  a  pivotal  role  to  play  as  the  busi¬ 
ness  technology  leader  within  his  company.  The  CEO  can 
put  shareholder  value  on  the  top  of  everyone’s  priority  list,  but 
it’s  the  CIO  who  delivers  IT  value.  Rest  assured,  the  CEO  is 
counting  on  it.  BE] 


What  topic  would  you  like  to  see  discussed  from  the 
CEO’s  perspective?  Let  us  know  at  cxoperspectives@  ^ 
cio.com.  Jack  Brennan  is  chairman  and  CEO  for  the 
Vanguard  Group  in  Malvern,  Pa. 


No  project  is  complete  without  a  means  for  measuring 
how  well  it  is  delivering  the  value  that  was  intended. 
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True  Grit 

Conquering  new  territory  is  the  leader’s  ultimate 
challenge.  Daring  thinking  and  focused  execution  are 
just  the  beginning  of  what’s  required. 

BY  CHRISTOPHER  HOENIG 

THERE  IS  NO  greater  challenge  for  a  leader  than  breaking  new  ground. 

Whether  it’s  in  R&D  projects,  starting  or  acquiring  new  busi¬ 
nesses,  developing  new  partnerships  or  tackling  new  markets, 
the  combination  of  high  uncertainty,  potentially  hostile  forces 
and  unknown  returns  all  make  for  an  intense  mix.  But  you 
won’t  discover  that  hidden  gold  mine  by  staying  in  familiar 
territory.  It’s  a  jungle  out  there,  and  the  people  who  learn  to 
get  through  it  and  conquer  the  territory  are  some  of  the  great¬ 
est  leaders  among  us. 

My  personality  and  career  path  have  frequently  put  me  in  the 
position  of  breaking  new  ground,  and  I’ve  got  the  scars  to 
show  for  it.  Here’s  the  best  of  what  I’ve  learned  over  the  years, 
both  on  the  front  lines  and  in  the  executive  suite. 

Envision  the  Destination 

Long  before  you  see  the  new  ground,  all  you  can  do  is  imag¬ 
ine  it,  and  that’s  the  first  and  most  important  step.  Call  it  vision 
or  inspiration,  but  the  clearer  it  is,  the  more  passionate  and 
compelling  you  are  about  it,  the  more  likely  you  are  to  get  there. 

Learn  the  territory  and  set  direction.  The  ground  you’re 
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searching  for  may  be  new,  but  that  doesn’t  mean  you  can’t  get 
valuable  intelligence  early  on.  You  can  learn  about  the  terri¬ 
tory  surrounding  it,  whether  anyone  has  visited  before  and 
who  else  might  be  interested.  Be  sure  to  look  at  the  macro  and 
micro  climates  that  will  affect  you.  Critical  choices  will  depend 
on  knowing  as  much  as  you  can. 

Plan  ahead— or  plan  to  fail.  Force  yourself  to  anticipate,  look 
ahead  and  prepare.  The  worst  thing  that  can  happen  is  that 
you’ll  get  it  wrong.  If  you’re  right,  you’ll  be  ready.  Accept  that 
you  may  need  to  change  your  plan  four  or  five  times  before 
you  get  it  right. 

Choose  the  right  people.  It  can  be  a  small  or  large  effort, 
into  hostile  or  peaceful  territory,  under  pressure  or  focused 
on  the  long  term.  But  the  constant  that  determines  success  or 
failure  is  the  attitude  and  quality  of  your  team.  If  you’ve  got 
a  core  of  handpicked,  competent  and  committed  people,  your 
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odds  of  success  go  up.  If  you  don’t,  a  negative  outcome  is 
almost  predetermined. 

Think  big  enough.  Small  territories  are  not  only  easily  washed 
out,  they’re  unsustainable  and  easy  to  take  over.  From  the  very 
beginning,  you’ve  got  to  be  thinking  about  the  manageable 
territory  you  want  to  work  and  be  planning  to  scale  up  to  it. 
Scaling  is  very  difficult,  and  the  need  for  speed  adds  to  the 
degree  of  difficulty.  It  affects  your  choice  of  people  and  tools 
as  well  as  your  need  for  resources.  There  is  no  magic  formula 
for  choosing  the  right  size,  but  it  never  hurts  to  find  out  how 
big  your  competitors  are  and  make  your  first  goal  getting  to 
their  size. 

Define  the  value.  You  may  be  after  gold,  thinking  that  its 
value  is  a  certainty.  But  only  the  market  makes  it  so,  and  the 
market  can  change  quickly.  If  you’re  looking  for  a  new  material 
altogether,  then  be  prepared  for  a  tough  slog  in  convincing 


people  of  its  worth.  You’ll  need  a  working  example  for  which 
an  objective  third  party  can  independently  verify  meaningful, 
bottom-line  net  benefit. 

Expect  some  dry  holes.  Very  few  are  lucky  enough  to  find  a 
vein  of  ore,  break  ground  and  tap  into  pure  material  right 
away.  Some  of  the  biggest  gushers  came  from  areas  that  oth¬ 
ers  thought  were  worthless  because  they  didn’t  drill  enough 
holes.  You’ve  got  to  be  able  to  tolerate  setbacks.  It  took  the 
founders  of  Intel  dozens  of  rejections  before  they  got  their  first 
capital  investment. 

Watch  your  back.  Sometimes  you  can  break  new  ground  in 
secret.  But  in  general,  there’s  always  someone  watching  for 
the  payoff — to  steal  it  if  you  succeed  and  to  point  to  you  if 
there’s  a  failure.  So  watch  your  back,  and  have  others  watch 
it  for  you  too. 

Stake  Your  Claim 

Once  you’ve  found  a  place  with  promise,  you’ve  not  only  got  to 
mine  it,  you’ve  got  to  protect  it  at  the  same  time. 

Know  your  extraction  strategy.  You  may  have  a  small  vein 
that  is  easy  to  access  quickly  or  a  deep,  large  vein  that  takes 
more  investment  and  time  to  exploit.  Whether  you  learn  this 
early  through  analysis  or  only  through  actual  digging,  it  will 
determine  your  overall  effectiveness. 

Be  quiet.  For  a  patent,  trademark,  publication  or  other 
means  of  staking  a  claim,  the  general  rule  is  that  as  soon  as 


you’ve  found  something  worthwhile,  make  your  claim  quickly. 
But  do  it  quietly.  Unless  you’re  in  the  upward  swing  of  a  dot¬ 
comlike  economic  bubble,  creating  buzz  doesn’t  do  anything 
except  alert  potential  predators.  The  process  of  protecting 
your  claim  can  also  push  your  thinking  and  enhance  innova¬ 
tion.  In  my  most  recent  commercial  venture,  formulating  a 
good  patent  application — where  quality  is  measured  by  your 
ability  to  teach  another  professional  how  to  build  what  you’ve 
invented — pushed  us  to  a  whole  new  level  of  quality  in  our 
product  design. 

Know  your  neighbors.  Once  you  find  a  place  with  some  value, 
you’ll  need  to  quickly  assess  the  neighborhood.  The  people 
and  companies  closest  to  the  space  you  occupy  will  be  the 
ones  you’ll  have  to  coexist  with,  ally  with  or  fend  off.  Watch 
out  for  partners  of  convenience.  Better  to  choose  a  partner  once 
you’ve  really  determined  what  it  is  you’re  going  to  do. 

Bank  your  winnings.  As  you  achieve 
victories  and  recover  resources,  bank 
your  winnings  and  create  a  safety  net. 
Don’t  count  on  hitting  any  of  your  tar¬ 
gets  precisely.  Make  sure  you’re  pre¬ 
pared  so  that  if  things  slow  down  or 
unexpected  events  occur,  you  aren’t 
forced  to  give  up  your  claim. 

Take  it  step-by-step.  Remember  that  breaking  new  and  valu¬ 
able  ground  combines  daring  thinking  with  diligent,  disci¬ 
plined,  step-by-step  execution.  Manage  your  risks  down.  Take 
opportunities  that  come  along.  But  stay  focused  on  what  you’re 
doing  now  and  what  your  next  step  will  be.  Too  much  focus 
ahead  or  too  much  hindsight,  and  you  may  trip  and  fall. 

Know  when  to  stand  your  ground.  If  you’re  lucky  enough  to 
develop  a  new  territory,  you  won’t  be  lonely  for  long.  Others 
will  beg,  borrow,  copy  or  steal  to  get  into  your  space.  You’ll 
have  to  decide  whether  to  fight  or  move  on. 

The  rewards  of  breaking  new  ground  are  generally  uncer¬ 
tain,  but  the  risks  are  guaranteed.  So  as  a  leader,  identify  the 
mistakes  others  have  made.  Find  your  central  purpose  so  that 
you’re  not  disturbed  by  the  ups  and  downs  of  the  environ¬ 
ment.  And  find  your  colleagues.  The  more  you  reach  out  and 
get  resources  and  people  involved,  the  more  likely  you  are  to 
lead  your  way  into  your  own  little  gold  rush.  BE] 


What  do  you  think  it  takes  to  break  new  ground?  Let  us  know  at 
leadership@cio.com .  Christopher  Hoenig  has  been  an  entrepreneur 
(CEO  of  Exolve),  consultant  (McKinsey  &  Co.)  and 
inventor,  and  is  the  author  of  The  Problem  Solving 
Journey:  Your  Guide  to  Making  Decisions  and 
Getting  Results  (Perseus  Publishing,  2000).  He  is 
now  director  of  strategic  issues  for  the  General 
Accounting  Office. 


As  soon  as  you’ve  found  something  worthwhile, 
make  your  claim  quickly.  But  do  it  quietly. 
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A  SMALL 
BUSINESS  IS 

A  LOT  LIKE  A 
BIG  BUSINESS. 

(EXCEPT  ITS  YOURS.) 


The  rules  of  business  apply  to  every  business.  But  now  if  you’re 
a  small  business,  you  don't  have  to  go  at  it  alone.  SAP  and  its  partners 
can  help  you  get  more  out  of  your  organization.  We  have  scalable, 
affordable  solutions  that  are  customized  for  your  industry  —  to 
help  you  leverage  important  data,  provide  customer  support  and 
automate  your  operations.  And  because  our  SMB  solutions  can  be 
up  and  running  in  as  little  as  three  months  and  then  grow  with  vou, 
ROI  kicks  in  sooner  and  then  keeps  on  kicking  in  down  the  road. 
For  details,  visit  sap.com/smb 

THE  BEST-RUN  E-BUSINESSES  RUN  SAP 
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INTRODUCING  E-BUSINESS  ON  DEMAND 
THE  NEXT  UTILITY 


Need  light?  Find  a  socket.  No  infrastructure  to  buy. 
No  wiring  to  study.  It’s  fast.  It’s  dependable.  It’s  a  utility. 
And  it’s  the  thinking  behind  e-business  on  demandr 
from  IBM.  Infrastructure,  applications  and  business 
processes,  delivered  as  services,  via  the  Internet. 

No  long  wait.  No  huge  up-front  investments.  Just  a 
monthly  bill.  It’s  The  Next  Utility.™  And  it’s  a  no-brainer. 
Visit  ibm.com/e-business/ondemand  or  ask  for  on 
demand  at  800  IBM-7080. 
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“The  big  CRM 
suite  can  be 
a  disadvantage 
if  you’re  paying 
for  more  than 
what  you’re 
going  to  use  in 
the  near  term.” 

-David  Billings, 

CIO,  Airborne  Express 
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Cover  Story 


As  the  economy 
cuts  into  CRM 
spending, 
companies  are 
looking  for  ways 
to  move  ahead 
without  breaking 
the  bank 

BY  SUSANNAH  PATTON 


Reader  ROI 

►  See  why  a  small-step 
implementation  adds  up 
to  big  ROI 

►  Learn  why  patching 
together  different  software 
solutions  can  work 

►  Find  out  when  outsourced 
models  may  be  the  answer 


David  Billings,  senior  vice  president  and  CIO 

at  Airborne  Express,  didn’t  plan  on  skimping  when  he  set  out  to 
replace  the  company’s  5-year-old  sales-force  automation  system. 
But  as  he  surveyed  the  vendors  at  the  beginning  of  the  project  a 
year  and  a  half  ago,  he  realized  that  cost  would  play  a  part  in  the 
selection.  Billings  ended  up  with  just  what  his  Seattle-based  com¬ 


pany  needed:  a  targeted  sales-force  automa¬ 
tion  package  from  Onyx  Software,  a  midsize 
CRM  vendor,  for  $3  million — half  of  what 
he  says  he  would  have  paid  for  a  full  CRM 
suite  from  a  market  leader.  What’s  more, 
Billings  implemented  the  new  sales-force 
automation  package  in  only  six  months. 

Until  recently,  the  term  customer  relation¬ 
ship  management  was  buzzing  around  every 
corporate  executive’s  suite  as  the  IT  panacea 
that  could  transform  a  company  from 
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loyalty,  sales  figures  and,  ultimately,  profits. 

Then  the  worrisome  reports  started  to  trickle  in: 

Most  CRM  projects,  dogged  by  poor  planning 
and  user  resistance,  were  not  producing  meas¬ 
urable  benefits.  Costs  were  sky-high,  with 
major  corporations  shelling  out  anywhere  from 
$60  million  to  $90  million  for  large-scale  CRM 
implementations.  CIOs  were  clearly  getting 
burned.  (See  “The  Truth  About  CRM,”  at 
www.cio.com/prmtlinks. ) 

Then  an  interesting  thing  happened.  The 
booming  CRM  market  of  yore  started  to 
exhibit  signs  of  strain.  Independent  CRM  soft¬ 
ware  vendors  showed  a  15.7  percent  drop  in 
third-quarter  revenues  in  2001,  according  to 
Boston-based  consultancy  Aberdeen  Group. 

And  Stamford,  Conn. -based  Gartner  predicts 
that  CRM  spending  will  remain  flat  in  2002 
after  falling  8  percent  in  2001  (that’s  compared 
with  growth  of  89  percent  in  2000).  Gartner 
does  expect  spending  on  CRM  software  to 
rebound  by  10  percent — but  not  until  2003. 

Sounds  like  companies  are  pulling  the  plug 
on  their  CRM  projects.  But  that’s  not  the  case. 

According  to  a  recent  CIO  exclusive  survey, 

“CRM:  Are  Companies  Buying  It?”  companies 
such  as  Airborne  Express  have  just  learned  to 
implement  such  projects  in  easy-to-take  baby 
steps  (64  percent)  rather  than  in  one  scary  giant 
step  (only  36  percent).  (Find  the  full  survey 
results  at  www2.cio.com/research.) 

As  the  economy  officially  dipped  into  reces¬ 
sion  and  IT  spending  came  under  increased 
scrutiny,  the  scaled-down  CRM  project  was 
seen  to  provide  a  quicker  path  to  ROI.  And  the 
new  trimmer  version  doesn’t  have  to  break  the  bank  to  be  success¬ 
ful.  Like  Billings,  most  CIOs  are  going  with  more  targeted,  incre¬ 
mental  CRM  investments.  Others  are  taking  the  chance  and  patching 
different  systems  together  when  it  saves  money.  And  a  few  are  turn¬ 
ing  to  outsourced,  hosted  services  that  provide  customer-facing  tech¬ 
nologies.  All  three  strategies  work  to  the  same  end:  providing  fast 
CRM  relief  with  equally  fast  ROI. 

Step  by  Step 

AIRBORNE  EXPRESS’S  EXPERIENCE  REFLECTS  A  CAUTION  THAT  MANY 
CIOs  are  displaying  when  it  comes  to  dealing  with  expensive  and 
expansive  IT  projects.  “Some  of  those  solutions  are  more  compre¬ 
hensive,  and  that  can  be  an  advantage,”  says  Billings.  “But  it  can  also 
be  a  disadvantage  if  you’re  paying  for  more  than  what  you’re  going 


to  use  in  the  near  term.” 

Sentiments  like  that  have  not  gone  unnoticed  by  the  big-name 
vendors.  Oracle,  PeopleSoft,  SAP  and  Siebel  Systems  are  reacting 
to  buyers’  scaled-down  demands.  Barton  Goldenberg,  president 
and  founder  of  ISM,  a  CRM  consulting  company  headquartered 
in  Bethesda,  Md.,  recounts  the  story  of  a  bidding  war  between  Siebel 
and  another  vendor.  The  vendor,  whose  software  is  considered  best 
in  class,  “offered  a  bid  of  $650,000  for  a  package  that  only  cov¬ 
ered  marketing  and  sales-force  automation,”  says  Goldenberg. 
“Siebel  came  in  with  $1.6  million  for  their  integrated  CRM  suite.” 
When  the  battle  looked  lost,  however,  Siebel  came  back  with  a 
more  targeted  version  at  a  better  price — and  won  the  contract.  And 
that’s  how  things  are  going  to  be  “for  the  next  six  to  12  months,” 
says  Goldenberg. 


laggard  to  trendsetter  by  boosting  customer 


David  Henderson,  chief  marketing  officer  for 
Group  Health  (above),  has  seen  his  company 
go  from  basic  technology  to  implementing  a 
successful  slice  of  CRM  in  two  short  years. 
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For  example,  Group  Health,  a  nonprofit  health  insurance  com¬ 
pany  based  in  New  York  City,  has  gone  from  very  basic  technology 
in  its  100-member  sales  department  to  implementing  a  successful 
slice  of  CRM  in  two  short  years.  Last  year,  it  implemented  Siebel’s 
sales-force  automation  software  in  three  months,  for  an  initial  cost  of 
about  $500,000. 

Now  Group  Health  is  working  on 
implementing  Siebel  software  that  auto¬ 
mates  the  RFP  process.  Though  future 
modules  have  been  planned,  the  company 
is  holding  off  on  further  investments  for 
the  moment  because  of  concerns  about  the 
economy.  “It  will  be  more  difficult  to  get 
financing  of  other  modules  and  more  dif¬ 
ficult  to  justify  [them]  through  ROI,”  says 
David  Henderson,  the  company’s  senior 
vice  president  and  chief  marketing  officer, 
who  worked  with  the  IT  and  sales  depart¬ 
ments  to  choose  the  CRM  technology. 

According  to  Steve  Mankoff,  Siebel’s 
senior  vice  president  of  technical  services, 

Siebel  customers  are  looking  for  “quick 
win”  solutions.  Mankoff  maintains  that 
Siebel,  the  current  CRM  software  leader, 
has  encouraged  a  phased  approach  to 
implementation  from  the  beginning  and  is 
now  seeing  more  of  a  focus  on  ROI.  For  its 
part,  Oracle  is  offering  subscription  and 
nonsubscription  services  over  the  Web  for 
customers  who  want  a  cheaper,  faster 
CRM  fix.  “The  goal  is  to  offer  customers 
lots  of  options  through  both  online  and 
conventional  implementations,  and  to  get 
it  up  and  running  quickly,”  says  Lisa 
Arthur,  Oracle’s  vice  president  for  CRM 
marketing.  She  concedes,  however,  that 
“You  can’t  do  all  of  CRM  quickly.” 

But  “all  of  CRM”  is  not  the  goal  for 
many  companies.  International  Speedway, 
the  Daytona  Beach,  Fla.,  company  that 
sponsors  Nascar  and  other  motor  races  at 
12  venues  around  the  country,  took  a  tar¬ 
geted,  slower  track  to  CRM.  When  Craig 
Neeb  joined  the  company  as  its  first  CIO 
two  years  ago,  he  immediately  focused  on 
areas  that  were  key  to  boosting  revenue: 
installing  ticketing  systems,  and  promot¬ 
ing  sales  and  merchandise  over  the 
Internet.  Neeb  looked  at  a  wide  array  of 
CRM  vendors  and  chose  Vertical  Alliance 


to  rebuild  the  company’s  website  and  set  up  a  fan  loyalty  program. 
The  budget  for  software,  re-architecture  and  implementation,  which 
took  about  two  months,  came  to  $1.5  million  for  International 
Speedway,  which  has  annual  revenues  of  roughly  $500  million. 
“You  have  to  find  the  best  fit  for  your  immediate  objectives,”  Neeb 
says.  “We  have  a  fairly  simple  operation.  Why  add  complexity?  Our 

plan  is  to  move  slowly  and  add  to  the  sys¬ 
tem  over  time.” 

Adam  Honig,  president  of  Akibia 
Consulting,  a  Westborough,  Mass.-based 
consultancy  that  specializes  in  CRM,  says 
companies  should  focus  on  quick  wins: 
Analyze  their  situation  for  two  weeks  and 
then  implement  a  small  piece  of  a  pack¬ 
age.  Then,  they  need  to  establish  ROI 
before  they  can  move  on.  “We’ve  always 
looked  at  CRM  as  small,  tactical  and  pro¬ 
gressive,”  says  Honig.  “The  18-  to  24- 
month  implementations  are  a  myth  cre¬ 
ated  by  the  large  consulting  firms.” 

Patching  Things  Together 

COMPANIES  ARE  OFTEN  FINDING  THAT  NO 
one  CRM  vendor  can  address  all  their  cus¬ 
tomer-related  needs.  They’re  willing  to 
take  on  the  headaches  of  patching  systems 
together  to  get  exactly  what  they  want. 

When  FedEx  bought  the  transportation 
company  RPS  in  January  1998  and  set  out 
to  merge  the  sales  and  IT  departments,  Scot 
Struminger,  a  vice  president  of  IT  for  cor¬ 
porate  headquarter  systems  at  FedEx 
Services  in  Memphis,  Term.,  started  look¬ 
ing  for  a  sales-force  automation  system  that 
he  could  install  quickly  for  the  company’s 
2,000  salespeople.  He  selected  CRM  ven¬ 
dor  Youcentric  (recently  bought  by  J.D. 
Edwards)  primarily  because  he  wanted  to 
save  time  and  money.  While  packaged 
CRM  applications  often  require  companies 
to  load  and  maintain  customer  data 
within  the  application,  Struminger  notes, 
Youcentric  and  some  other,  more  flexible 
vendors  let  customers  plug  in  to  preexisting 
back-end  databases.  The  result,  he  says,  is 
that  companies  can  save  money  because 
they  don’t  have  to  build  a  brand-new  data 
mart,  as  they  do  with  some  of  the  larger 
CRM  vendors. 

FedEx  Services  is  in  the  process  of  inte- 


Based  on  199  respondents,  The  "CRM:  Are  Companies  Buying  It?" 
exclusive  CIO  survey  was  administered  online  during  December  2001. 
Results  are  based  on  responses  of  224  IT  professionals.  For  the  full 
survey,  go  to  wvm2.cio.com/research. 


More  than 
36  months 


24  to  36 
months 


Based  on  194  respondents. 

Numbers  do  not  total  100  due  to  rounding. 
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'An  enterprise  cannot  become  resilient  unless  it  can  effectively 
operate  a  backup-and-restore  method  for  all  of  its  user 
workstations  -  in  the  offices,  mobile  and  remote. 

Continuous  backup,  and  the  ability  to  restore  anywhere  and 
anytime,  is  fundamental  not  only  as  a  convenience  to 
the  individual  user,  but  to  the  survival  of  the  business. 

The  great  majority  of  tools  for  backup  and  restore  are  based  on 
the  erroneous  assumption  that  the  user  will  have  constant 
access  to  a  high-speed  LAN.  yy 

Best  Practices  for  Mobile  Workforce  Information  Backup, 

John  Girard,  Gartner  Research,  QA,  Dec  2001 
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grating  its  sales-force  automation  application  with  its  PeopIeSoft  ERP 
system,  a  sales  compensation  application  from  Trilogy  and  call  center 
software  from  Clarify,  all  using  Tibco  software  to  pass  information 
among  the  different  packages.  “We  decided  to  go  with  multiple  ven¬ 
dors  in  order  to  find  the  best  in  each  area,”  Struminger  says.  “Piece 
by  piece,  we  have  implemented  them  all  gradually.” 

In  FedEx’s  case,  patching  together  software  from  different  vendors 
has  helped  avoid  major  problems.  For  example,  when  FedEx  Services 
first  implemented  its  Youcentric  CRM  system,  the  company  under¬ 
estimated  the  difficulties  some  field  reps  would  have  in  accessing 
the  Web-based  system.  Struminger  and  his  team  were  able  to  mod¬ 
ify  the  system  by  making  changes  to  the  server  during  a  weekend.  If 
FedEx  had  installed  CRM  software  on  all  the  laptops,  “it  would 
have  been  a  costly  nightmare,”  he  says,  noting  that  larger  CRM 


We  have  a  fairly  simple  operation. 
Why  add  complexity?  Our  plan  is  to  move 
slowly  and  add  to  the  system  over  time. 

- Craig  Neeb ,  CIO,  International  Speedway 


packages  he  had  looked  at  required  that  type  of  installation. 

Denis  Pombriant,  research  director  in  CRM  at  Aberdeen  Group, 
calls  this  modular  approach  to  CRM  the  wave  of  the  future.  For 
example,  if  a  company  chooses  a  vendor  that  uses  Java  architec¬ 
ture,  it  can  also  develop  Beans  (reusable  software  components  writ¬ 
ten  in  Java  that  can  be  used  by  a  Java  development  environment)  that 
will  integrate  into  a  legacy  system.  “In  this  way,  it’s  entirely  possible 
to  mix  multiple  vendors,”  Pombriant  says.  “I  call  this  ‘best  of  breed 
on  steroids.’” 

CRM  for  Rent 

FOR  THOSE  WHO  DON’T  MIND  FORGOING  THE  ABILITY  TO  CUSTOMIZE 
CRM  applications,  or  for  small  companies  that  need  only  a  tar¬ 
geted  application  such  as  sales-force  automation,  ASPs  can  be  an 
alternative  to  putting  off  CRM  ambitions. 
Vendors  such  as  3-year-old  Salesforce.com 
and  4-year-old  Upshot  offer  rented  CRM 
applications,  with  a  focus  on  sales-force 
automation  that  can  be  less  expensive  than 
what  a  major  CRM  vendor  would  charge  for 
a  year.  Such  nipping  at  the  heels  has  prompted 
the  top  dogs,  such  as  Oracle,  PeopIeSoft  and 
Siebel,  to  also  offer  outsourced  CRM  pack¬ 
ages.  For  those  who  need  more  personaliza¬ 
tion  and  control,  there  is  the  managed  service 
provider  (MSP),  such  as  Wheelhouse,  which 
offers  consulting  services  and  some  cus¬ 
tomization  in  addition  to  a  hosted  applica¬ 
tion.  Consulting  companies  such  as  Cap 
Gemini  Ernst  &  Young  and  IBM  Global 
Services  also  offer  MSP  CRM  packages. 
(C/O’ s  publisher,  CXO  Media,  holds  an 
investment  stake  in  Salesforce.com  and 
Wheelhouse.) 

Rodric  O’Connor,  CTO  at  San  Francisco- 
based  investment  bank  Putnam  Fovell 
Securities,  decided  to  take  the  risk  of  going 
with  an  ASP.  The  economy  wasn’t  yet  in 
retreat  in  early  2000,  and  Putnam  Fovell  was 
still  growing.  O’Connor  had  to  decide 
whether  to  add  to  his  six-person  IT  staff  in 
order  to  build  a  bigger  infrastructure  and 
maintain  complicated  software  installations. 
As  the  boutique  bank  grew,  IT  requirements 
were  starting  to  become  unwieldy.  Nine  sep¬ 
arate  databases  held  customer  information, 
and  each  division  had  its  own  contact 
records.  “It  was  a  nightmare,  and  there  was 
pain  involved,”  O’Connor  says.  Customers 
were  routinely  receiving  duplicate  research 
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Case  in  point :  The  U.S.  Chamber  of  Commerce,  the  world’s 
largest  non-profit  business  federation,  engaged  Lockheed  Martin 
to  upgrade  their  infrastructure  and  accelerate  system  implementation. 
The  resulting  collaboration  enabled  the  U.S.  Chamber  to,  not  only 
meet  their  financial  goals,  but  also  to  educate  their  staff  on  the  benefits 
of  using  IT  to  solve  business  problems. 
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www2.  cio.  com/research. 


reports,  even  holiday  cards — or  none  at  all.  O’Connor  looked  at 
vendors  including  Siebel  and  Onyx,  but  he  decided  outlays  of  up 
to  $2  million  were  too  much  to  swallow  for  a  small  bank,  even 
with  its  expected  growth. 

“We  were  close  to  going  with  one  of  those  vendors  but  were 
concerned  about  ROI,”  O’Connor  says.  Instead,  Putnam  Lovell 
signed  on  with  Salesforce.com,  which  charges  a  set  subscription  fee 
of  $65  per  user,  per  month.  The  ASP’s  sales-force  automation 
application  created  a  single  database  and  allows  134  users  at  the 
bank  to  track  client  relationships  by  sending  out  e-mails  auto¬ 
matically  and  automating  the  delivery  of  research  to  clients. 
O’Connor  says  the  client  research  mechanism  is  saving  the  com¬ 
pany  $200,000  a  quarter  and,  according  to  his  calculations,  out¬ 
sourcing  has  reduced  the  total  cost  of  ownership  by  57  percent. 

Despite  the  cost  advantages,  many  shy  away  from  ASPs  because 
they  fear  the  consequences  to  their  business  if  the  hosting  company 
shuts  down.  O’Connor  combats  that 
worry  by  regularly  speaking  directly  to 
Salesforce. corn’s  CFO.  Hosted  CRM  soft¬ 
ware  also  suffers  from  a  lack  of  cus¬ 
tomization  capability,  as  well  as  integra¬ 
tion  problems.  However,  some  of  those 
integration  difficulties  are  getting  resolved 
as  ASPs  come  out  with  XML  interfaces 
that  allow  users  to  pump  data  from  one 
outsourced  application  to  another.  Still, 
companies  need  to  look  carefully  at  how 


much  customization  they  will  require  when  deciding  to  outsource 
a  CRM  application.  “When  the  scope  is  limited,  a  hosted  ASP 
model  is  quite  good,”  says  Jocelyn  Young,  program  manager  for 
CRM  services  at  Framingham,  Mass. -based  IDC  (a  sister  company 
to  CXO  Media).  “But  if  a  company  wants  a  more  comprehen¬ 
sive  solution  that  would  allow  for  the  integration  of  customer 
data  with  marketing  campaigns,  then  an  MSP  model  might  be 
more  effective.” 

Kevin  Scott,  an  analyst  at  Boston-based  AMR  Research,  adds 
that  while  ASPs  aren’t  the  right  choice  for  all  companies — if  you 
have  more  than  1,000  users,  such  solutions  may  not  be  scalable — 
they  could  be  a  good  option  for  a  division  head  who  wants  to  get 
a  project  up  and  running  quickly.  Using  an  ASP,  he  says,  doesn’t 
preclude  investing  in  a  CRM  software  package  when  the  econ¬ 
omy  picks  up.  “Is  it  worth  it  to  do  a  cheaper,  rented  application  for 
a  year  then  throw  it  away?”  Scott  says.  “In  some  cases,  it’s  not  a 

completely  wrong  choice  to  make.” 

As  O’Connor  and  Airborne  Express’s 
Billings  found  out,  CIOs  are  now  in  the 
CRM  driver’s  seat.  Implementations  can 
be  shorter  term  and  relatively  painless. 
What’s  more,  as  O’Connor  says,  “CRM 
doesn’t  have  to  be  expensive.”  BE] 


Senior  Writer  Susannah  Patton  would  like  to 
hear  how  you’re  taming  the  CRM  beast.  E-mail 
her  at  spatton@cio.com. 


cio.com _ 

How  is  your  CRM  project  going? 

WEIGH  IN  with  your  strategies  and 
advice.  Go  to  the  Web  Connections  box 
at  www.cio.com. 

For  the  complete  results  of  our 

CRM:  ARE  COMPANIES  BUYING  IT? 

survey,  go  to  www2.cio.com/research. 
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ENSURING  SURVIVABILITY  AND  CONTINUITY 


As  we’ve  all  learned  too  well  from  sept- 

ember  n,  staying  secure  requires  constant  vigi¬ 
lance.  The  threats  we  face  are  myriad;  they  come 
from  mundane  mistakes  as  well  as  malicious 
i  intent,  from  inevitable  equipment  failure  and 
\  service  provider  disruptions  to  less  probable 
1  natural  disasters  and  terrorist  attacks. 

■  The  challenge  for  CIOs:  to  stand  always 
prepared  in  a  competitive  context  which  increasingly 
demands  that  organizations 
provide  continuous  business  serv¬ 
ices  and  information  systems  and 
networks  that  are  always  on, 

24x7x365.  Thus,  notes  Gartner 
researchers,  when  significant  sys¬ 
tem  outages  do  occur  —  whatever  the  cause  —  the  typ¬ 
ical  organization  has  from  two  to  24  hours  to  recover. 

This  means  that  an  enterprise’s  essential  services 
and  assets  must  return  to  at  least  a  minimum  func¬ 
tionality  —  or  else  the  enterprise  simply  cannot  do 
business.  Such  a  demanding  requirement  entails: 
FENDING  OFF  ATTACKS.  Organizations  need  to  imple¬ 
ment  an  assortment  of  hardening  techniques  — 
among  them  virtual  private  networks  (VPNs),  firewalls, 
encryption  —  in  addition  to  operating  system/appli¬ 
cation/data  backup,  strong  authentication  and  access 
control,  constant  system  and  application  updating,  and 
solid  configuration  management. 

SPOTTING  INTRUSIONS  AND  CONTAINING  THE  DAMAGE. 
Organizations  need  tools  to  help  them  monitor  sys¬ 


tems  and  networks,  scan  for  viruses,  identify  intrusion 
patterns  and  data  anomalies,  and  conduct  integrity 
checking  and  regular  audits. 

RESTORING  SERVICES  AFTER  A  FAILURE  OR  ATTACK.  Orga¬ 
nizations  need  to  develop  operational  procedures  that 
isolate  damage  and  recover  system  configurations, 
applications  and  data.  This  involves  building  and  taking 
advantage  of  system  redundancies,  and  using  offsite 
backup  facilities  (hotsites  and/or  coldsites.)  Sometimes 


WHEN  SIGNIFICANT  OUTAGES  DO  OCCUR, 
THE  TYPICAL  ORGANIZATION  HAS  FROM 
TWO  TO  24  HOURS  TO  RECOVER. _ 


full  services  cannot  be  quickly  restored;  an  alternative 
(read:  better  than  nothing)  is  to  operate  with  abridged 
services  or  to  a  subset  of  the  user  base. 

LEARNING  FROM  THE  PAST.  Every  accident,  disaster,  attack 
and  intrusion  has  something  to  teach  and  offers  insight 
into  what  an  organization  can  do  better  to  avoid  future 
catastrophe.  Post-mortems  can  help  identify  and  put  to 
work  new  ways  to  filter  data,  new  patterns  that  signal 
anomalies,  new  data  elements  that  should  be  logged  and 
audited,  new  procedures  that  improve  response. 

This  CIO  Strategic  Directions  supplement 
explores  the  many  powerful  technologies,  products 
and  services  that  can  help  enterprises  prevent,  resist, 
and  recover  from  the  events  we  all  hope  will  not  occur 
but  can  never  afford  to  disregard.  SD 
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WELCOME  TO  THE 

UNBOUNDED 

NETWORK 


N  ITS  2001  SURVEY  OF  MORE  THAN 
1,000  IS  managers,  Computer 
Sciences  Corp.  found  that  nearly 
90  percent  of  those  queried  were 
shepherding  new  system  develop¬ 
ment  initiatives.  No  fewer  than  85 
percent  of  these  efforts  involved 
using  the  Internet,  that  unbound¬ 
ed  public  network  to  which  any¬ 
one  has  access. 

The  risks  inherent  in  letting  anyone 
on  the  Internet  into  corporate  IT  sanc¬ 
tums  are,  of  course,  profound:  mostly  it’s 
about  loss  —  of  revenue  and  profit,  pro¬ 
ductivity,  sensitive  information,  reputa¬ 
tion,  customer  confidence  and  loyalty 

CAUGHT  IN  THE  BREACH 

Nor  is  the  risk  just  theoretical.  Fully  85 
percent  of  those  participating  in  the 
2001  Computer  Security  Institute 
(CSI)/FBI  survey  suffered  security 
breaches;  the  average  reported  loss  was 
around  $2  million.  Meanwhile,  the 
number  of  security  incidents  —  includ¬ 
ing  website  attacks,  malicious  viruses 
and  network  intrusions  —  reported  to 
Carnegie  Mellon  University’s  CERT 
(Computer  Emergency  Response 
Team)  Coordination  Center  jumped 
200  percent  from  2000  to  2001,  top¬ 
ping  52,000.  The  number  of  security 


vulnerabilities  in  hardware  and  software 
exploded,  too  —  from  1,090  in  2000  to 
2,437  in  2001.  And  according  to  a 
review  by  the  U.S.  General  Services 
Administration,  during  2000  outsiders 
broke  into  and  temporarily  controlled 
at  least  155  computer  systems  at  32  fed¬ 
eral  agencies. 

Still,  most  computer  crimes  —  even 
those  involving  tens  of  millions  of  dollars 


—  don’t  get  reported  at  all,  since  nobody 
wants  to  upset  stockholders  and  cus¬ 
tomers.  Only  36  percent  of  the  compa¬ 
nies  queried  in  the  CSI/FBI  survey  that 
suffered  security  breaches  reported  the 
crimes  to  law  enforcement  authorities. 

THE  STRUGGLE  TO  STAY  AHEAD 

Major  problems  and  weak  spots  include: 
LACK  OF  CORPORATE  OVERSIGHT.  Securi¬ 
ty  audits  and  evaluations  often  are  too 
shallow,  so  major  vulnerabilities  may 
not  be  spotted.  If  Computer  Sciences’ 
research  is  any  hint,  we’ve  got  a  long  way 


to  go:  46  percent  of  those  polled  have 
no  formal  information  security  policy,  59 
percent  have  no  formal  compliance  pro¬ 
gram  to  support  their  IT  operations  and 
68  percent  do  not  regularly  conduct 
security  risk  analyses  or  track  their  secu¬ 
rity  status. 

WEAK  AUTHENTICATION  TOOLS.  Tools  like 
automated  password-guessing  software, 
easily  available  on  the  Web,  make  it  sim¬ 


ple  for  even  inexperienced  bad  guys  to 
bypass  authentication  procedures  by 
stealing  passwords. 

VULNERABLE  OPERATING  SYSTEMS. 

Because  manually  tightening  down  an 
OS  is  so  tedious  and  time-consuming, 
intruders  can  exploit  defaults  and  issue 
commands  that  grant  them  privileges 
reserved  for  system  administrators  — 
including  accessing  other  servers  and  an 
ability  to  examine  files,  installing  ‘back 
doors’  that  enable  easy  entry  in  the 
future  and  altering  system  logs  so  they 
can  remain  undetected.  Meanwhile, 


THE  RISKS  INHERENT  IN  LETTING  ANYONE 
ON  THE  INTERNET  INTO  CORPORATE  IT 
SANCTUMS  ARE  ABOUT  LOSS  —  OF 
REVENUE,  PRODUCTIVITY,  AND  REPUTATION. 
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102  Identix  Incorporated 


Do  we  assume  that  someone  is  who  he  or  she  says  they  are,  just  because  they  wear  a  badge?  Identity  theft  has  created  the  need  for  a  new 
security  paradigm  that  focuses  less  on  barriers  than  on  the  people  within  them.  Identix  has  combined  biometrics  with  a  sophisticated  identity 
management  platform  to  ensure  a  Continuity  of  Authentication:  What  that  means  is  positive  verification  of  an  individual's  identity,  not  just 
when  a  facility  is  entered  but  whenever  networks  or  information  are  accessed  or  transactions  are  conducted  or  processed.  That  way  we  can 
always  know  who's  who  and  what's  what.  And  assume  nothing.  To  learn  more  please  visit  us  at  identix.com  or  call  888.433.6849. 


kr. 
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new  operating  systems  holes  are  being 
found  constantly;  each  month  brings 
discovery  of  roughly  io  new  Windows 
vulnerabilities. 

POROUS  SERVERS.  Servers  that  allow  net¬ 
work  traffic  to  move  too  freely  make  it 
easy  for  intruders  to  gain  access  and  for 
malicious  code  to  infect  systems.  A  sur¬ 
vey  of  more  than  2,500  information 
security  officers  conducted  last  summer 
by  Information  Security  magazine  reveals 
that  the  number  of  attacks  on  Web 
servers  doubled  between  2000  and 
2001,  while  buffer-overflow  attacks 
increased  33  percent. 

WIRELESS  WOES.  Can  wireless  encryp¬ 
tion  protocols  stand  up  to  creative 
attackers  like  those  who  do  ‘war-driving’ 
on  roads  around  corporate  campuses 
with  listening  devices  that  intercept 
wireless  transmissions? 

INTRUSION  MADE  EASY.  Penetration 
toolkits  available  on  the  Web  automate 


SECURITY  ISSUES 

Organization  is  Constrained  from 
Pursuing  E-business  Opportunities 
Due  to  Security  Issues 


■  1,009  IS  managers  from  31  countries  surveyed 

■  Follow-up  study  conducted  late 
September,  2001;  56  CIOS  surveyed 


SOURCE:  Computer  Sciences  Corp.  [www.csc.oom] 

14th  annual  survey  of  IS  management  issues, 
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the  processes  of  intrusion,  so  the  inex¬ 
perienced  can  join  the  ranks  of  cyber¬ 
raiders.  Meanwhile,  virus  and  worm 


attacks  are  sneakier  than  ever.  A  virus 
can,  for  example,  exploit  the  Web’s 
Secure  Sockets  Layer  (SSL):  since  proxy 
servers  can’t  scan  SSL-encrypted  down¬ 
loads  for  viruses,  only  desktop  anti-virus 
defenses  remain  —  but  this  means  all 
desktop  systems  in  an  organization 
must  always  be  up-to-date. 

WHAT’S  A  CIO  TO  DO? 

“First,  analyze  risks,”  suggests  Richard 
blunter,  vice  president  of  security 
research  at  Gartner.  “All  systems  and 
data  are  not  equal.  Put  the  heaviest  pro¬ 
tection  on  the  stuff  that  matters  most. 
Ensure  ongoing  maintenance  of  security 
software  and  operating  system  patches. 
Hire  capable  security  administrators, 
and  monitor  activity  inside  and  outside 
the  firewall  to  ensure  that  the  firewall  is 
working  as  desired.  If  this  is  too  much 
for  your  company  to  handle,  outsource 
the  job.”  SD 


NEW  SOLUTION 


OR  MORE  THAN  TWO  DECADES,  PEREGRINE  SYSTEMS®  HAS 

focused  on  solving  some  of  the  most  difficult  asset  manage¬ 
ment  issues  confronting  large  organizations  in  the  public  and 
private  sector  worldwide. 

Indeed,  Peregrine’s  platform  technologies  and  software 
solutions  in  infrastructure  management  are  fundamentally 
directed  at  giving  organizations  the  ability  to  coordinate  and  respond  to  unex¬ 
pected  events  or  situations. 

PEREGRINE  CRISIS  RESPONSE  SYSTEM 

Peregrine  is,  therefore,  uniquely  positioned  to  provide  the  underlying  tech¬ 
nology  for  a  command  and  control  system  for  organizations  to  support  swift 
and  effective  response  to  crises. 

As  an  extension  of  Peregrine’s  core  competency  in  infrastructure  man¬ 
agement,  this  new  solution,  the  Crisis  Response  System,  automates  the 
readiness,  recognition,  response,  and  recovery  activities  that  gives  organi¬ 
zations  the  ability  to  manage  a  crisis  event  from  initial  discovery  through  clo¬ 
sure  —  with  all  the  alerts,  notifications,  and  actions  required  to  achieve 
business  continuity. 

Built  on  Peregrine’s  Action  Request  System®  (AR  System®),  a  flexible 


foundation  for  automating  complex  business  processes,  the  system  enables 
an  organization  to  prepare  for,  work  through,  and  return  from  a  crisis 
situation.  It  prepares  the 
organization  by  providing 
a  means  to  automate  its 
disaster  plan  and  simu¬ 
late  threats  to  the  infra¬ 
structure,  with  full  audit 
capability.  During  a  crisis  situation  the  system  provides  a  centralized  com¬ 
mand  and  control  console  and  sophisticated  communications  that  facilitate 
the  quick  assembly  of  response  teams.  Although  Crisis  Response  System  is 
not  a  replacement  for  people  making  decisions,  it  allows  decisions  to  be  made 
and  actions  to  be  taken  faster,  more  efficiently,  more  effectively,  and  with  bet¬ 
ter  information  and  tracking. 


For  more  information,  visit  www.peregrine.com 

2002  Peregrine  Systems,  Inc.  All  rights  reserved.  Peregrine  Systems  is  a  registered  trademark 
of  Peregrine  Systems,  Inc.  Action  Request  System  and  AR  System  are  registered  trademarks 
of  Peregrine  Remedy,  Inc. 
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Frictionless  Business 
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Protecting  critical  infrastructure  is  your  job,  only  you 
don't  know  where  you're  vulnerable. That's  friction. 


Peregrine's  Crisis  Response  System  is  the  best  way  to  prepare, 
respond  and  recover.  Peregrine  is  helping  to  secure  our  nations  critical  infrastructure 
with  our  Crisis  Response  System — the  proven  choice  of  government  and  the  private  sector. 

Our  Crisis  Response  System  provides  the  communications  and  work  flow  structure  to  facilitate 
continuity  of  operations.  It  improves  preparedness  and  assures  effective  response  to  unexpected 
events,  from  cyber  attacks  to  natural  disasters.  By  delivering  real-time  command  and  control, 
expediting  communication  and  coordination  among  all  parties,  and  embedding  a  critical 
planning  and  readiness  capability,  Peregrine’s  Crisis  Response  System  is  the  most 
effective  platform  to  meet  today’s  most  critical  needs.  For  more  information,  visit 
www.peregrine.com  or  call  800.638.5231. 

Frictionless  Business 

©  2002  Peregrine  Systems,  Inc. 
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TO  PROTECT 
THE  ENTERPRISE 


SECURITY  IS  NOT  SOME- 

thing  you  buy,  nor  is  it  a 
destination  —  it  is  an 
ongoing  process,”  advises 
Mike  Rasmussen,  senior 
analyst  with  Giga  Infor¬ 
mation  Group.  “You  can- 
not  go  out  and  buy  a 
magic  formula  or  product 
that  will  make  you  secure. 
It  takes  ongoing  effort.” 

Certainly,  however,  buying  security 
products  and  services  have  their  place. 
International  Data  Corp.  estimates  that 
worldwide  spending  on  IT  security  soft¬ 
ware,  hardware  and  services  will  top  $35 
billion  by  2004. 

“In  order  to  protect  against  loss  of 
assets  and  prevent  business  interrup¬ 
tion,”  says  Frank  Huerta,  president  and 
CEO  of  Recourse  Technologies,  “CIOs 
and  information  security  professionals 
need  two  critical  tools:  time  and  infor¬ 
mation.”  These,  believes  Huerta,  can  be 
gotten  with  “a  layered  approach  to  infra¬ 
structure  security  which  permeates  the 
organization.” 

Julia  Allen,  a  senior  technical  staffer 
at  Carnegie  Mellon  University’s  CERT 
Coordination  Center,  says  these  layers 
—  also  referred  to  as  defense  in  depth  — 
include: 

■  Eliminating  known  vulnerabilities; 
applying  patches;  deploying  secure  con¬ 
figurations 


■  Characterizing  and  regularly  checking 
integrity  of  critical  assets 

■  Using  firewalls,  access  control,  user 
authentication,  and  encryption  tech¬ 
nologies 

■  Using  network  and  system  monitoring 
tools  including  intrusion  detection 

■  Periodically  conducting  vulnerability 
and  penetration  testing;  acting  on  the 
results 

■  Using  virus  detection  and  eradication 
software;  keeping  signatures  up  to  date 

■  Conducting  ongoing  training  for  users, 
administrators,  and  managers 


■  Having  security  policies  and  proce¬ 
dures  that  are  visible,  communicated, 
enforced,  maintained  and  which  carry 
consequences  for  non-compliance 

AUTHENTICATION  &  AUTHORIZATION: 
BEYOND  PASSWORDS 

The  most  common  way  to  identify  indi¬ 
vidual  users  —  a  unique  username  cou¬ 
pled  with  a  password  —  can  also  be 
alarmingly  ineffective. 

“Passwords,”  says  Giga’s  Rasmussen, 
“are  not  secure.  All  that’s  needed  to 


crack  a  password  is  time.  Given  enough 
attempts  at  the  combination  an  attacker 
will  succeed.  Two-factor  authentication 
—  based  on  something  you  know  and 
something  you  have  —  is  a  better  alter¬ 
native  for  many  applications.” 

It’s  not  hard  to  see  why.  Last  year 
more  than  750,000  identities  were 
stolen.  When  identity  theft  can  be  laid 
at  the  door  of  a  particular  organization, 
its  reputation  suffers  great  harm  and  lia¬ 
bility  can  be  vast. 

Then  there’s  the  matter  of  fraud. 
Research  indicates  that  more  than  half 


of  consumers  regard  any  financial  trans¬ 
action  online  to  be  unsafe.  Little  won¬ 
der:  Internet  fraud,  some  say,  will  hit  $15 
billion  by  2005. 

The  struggle  to  effectively  authen¬ 
ticate  those  involved  in  online  financial 
transactions  has  produced  online 
chargeback  rates  that  are  four  times 
greater  than  offline  rates.  Online  mer¬ 
chants  pay  as  much  as  seven  times  more 
than  offline  merchants  in  preauthoriza¬ 
tion  charges.  And  while  just  two  percent 
of  credit  card  volume  comes  from 


SECURITY  IS  NOT  SOMETHING 
YOU  BUY,  NOR  IS  IT  A  DESTINATION  — 

IT  IS  AN  ONGOING  PROCESS. _ 

IT  TAKES  ONGOING  EFFORT. _ 
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SSURANCE,  INSURANCE  AND  PROTECTION  ARE  THE 

three  essential  elements  any  truly  secure  organiza¬ 
tion  must  address  according  to  Paul  L.  Greene, 
Director  of  Information  Security  at  NeuStar,  Inc. 

“You  must  be  able  to  give  assurances  to  the 
business  that  all  essential  systems  will  be  available, 
you  must  provide  insurance  in  the  form  of  redundant  systems  and 
facilities  and  you  must  work  hard  everyday  protecting  the  organi¬ 
zation’s  assets  from  attacks,”  he  explains.  “No  one  is  immune 
from  compromise.” 

Greene’s  belief  in  the  necessity  of  this  security  triad  comes 
from  many  years’  work  within  several  classified  areas  of  govern¬ 
mental  agencies.  Not  surprisingly,  Greene  has  brought  this  same 
focus  on  what  it  takes  to  create  and  manage  a  secure  infrastruc¬ 
ture  to  his  position  at  NeuStar. 

The  only  third-party  vendor  licensed  by  the  FCC,  Washington 
DC-based  NeuStar  operates  the  authoritative  registry  of  all  North 
American  telephone  numbers  and  administers  the  database, 
which  all  North  American  carriers  rely  upon  to  route  billions  of 
telephone  calls  daily.  Over  4000  telecommunications  and  service 
providers  currently  rely  on  NeuStar’s  services.  NeuStar  also 
operates  the  dot-US  registry,  “America’s  Internet  Address.” 
NeuLevel,  NeuStar’s  subsidiary,  operates  the  .BIZ  registry,  the 
world’s  first  top-level  domain  dedicated  exclusively  to  business. 

CYBERGUARD  FROM  DAILY  ATTACKS 

The  addition  of  .BIZ  opened  NeuStar  to  the  Internet  in  a  new  way, 
creating  both  business  opportunity  and  security  issues.  First  on 
the  security  list,  says  Greene,  was  to  find  a  security  provider  for 
the  protection  piece  of  the  security  triad  who  was  also  a  partner. 
After  putting  some  12  firewall  vendors  through  their  paces,  Greene 
and  his  experienced  team  of  security  professionals  chose 
CyberGuard. 

“NeuStar’s  unique  service  and  position  in  the  telecommunica¬ 
tions  industry  makes  it  a  target  of  attacks  —  we  have  numerous 
attempts  a  day,”  reports  Greene.  “We  need  ‘rock  solid’  security 
and  a  vendor  who  understands  what  that  means.  CyberGuard  was 
the  first  in  the  world  to  achieve  EAL4  certification  for  its  firewall 
appliances  —  that  really  impressed  us. 


Cyberguard's  KS  series  ol  premium  appliance  firewalls  maintain  complete  separa¬ 
tion  ol  network  trallic  from  system  components. 


“We  felt  confident  in  choosing  CyberGuard  to  be  our  security 
partner  for  our  .BIZ  initiative,”  adds  Greene,  “We  knew  they  would 
be  capable  of  providing  the  level  of  sophisticated  security  support 
we  needed  and  we  have  not  been  disappointed  —  their  technical 
support  team  knows  security  and  CyberGuard’s  ability  to  deliver 
on  everything  they  promised  enabled  us  to  meet  our  tight  deadline 
for  deliverables.  Today,  we  have  CyberGuard’s  firewall  appliances 
in  three  countries.” 


WHAT  OF  PERFORMANCE 
AND  EASE  OF  USE? 


“I  have  an  experienced  team,  but  on  more  than  one  occasion  I  had 
to  enlist  the  help  of  a  junior  engineer  to  install  the  firewall,”  recalls 
Greene.  “Amazingly,  I  was  able  to  talk  them  through  the  process 
over  the  phone.  I’m  happy  to  report  that  those  systems  have  been 
functioning  in  a  production  environment  for  eight  months  without 
a  hitch,”  he  reports.  “And  CyberGuard  rocks  the  competition  in  the 
performance  impact  category.” 

With  a  track  record  of  NO  (that  is  "zero")  vulnerabilities  and 
roots  in  providing  "bullet-proof"  infosecurity,  it’s  no  wonder 
CyberGuard’s  security  solutions  are  found  in  Fortune  1000  compa¬ 
nies  and  governments  worldwide.  CyberGuard's  award-winning, 
industrial-strength  firewall/VPN  and  security  products  protect 
the  integrity  of  data  and  applications  from  hackers  and  digital 
thieves.  The  company  has  world  headquarters  in  Fort  Lauderdale, 
Florida,  and  branch  offices  worldwide. 


For  more  information,  visit  www.cyberguard.com 
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COMPANY  PROFILE 


STABLISHED  IN  1990,  STONESOFT  IS  ONE  OF  THE  WORLD'S 

leading  providers  of  software  for  high  availability  network 
solutions.  Stonesoft’s  global  headquarters  are  in  Helsinki, 
Finland;  Americas  headquarters  are  in  Atlanta,  Georgia  and 
Asia  Pacific  headquarters  are  in  Singapore.  In  2000, 
Stonesoft  announced  its  vision  for 
the  Secure,  Highly  Available  Enterprise,  and  the 
intent  to  extend  its  core  technology  offerings  to 
support  the  entire  enterprise. 

Stonesoft  is  a  leading  provider  of  network  security  and  high  availability 
software  for  ISPs/MSPs/ASPs,  telecommunication  companies,  financial 
institutions,  high-volume  Internet  sites  and  large  enterprises.  Over  90  per¬ 
cent  of  all  Fortune  500  telecommunications  companies,  two  out  of  every 
three  top  commercial  banks,  securities  companies  and  computer  manu¬ 
facturers  depend  on  Stonesoft  to  enhance  their  network  confidence  with 
Stonesoft  solutions. 

THE  FIRST  HIGHLY  AVAILABLE  FIREWALL/VPN 

Stonesoft's  StoneGate  is  the  first  firewall  and  VPN  solution  offering  high 
security,  high  performance  and  high  availability.  StoneGate  features  an 
embedded  OS  for  increased  security,  multiple  ISP  and  VPN  load  balancing 


to  ensure  continuous  network  connectivity,  and  advanced  centralized 
administration  tools  for  enterprise-wide  management  of  the  firewall  infra¬ 
structure.  StoneGate’s  unique  architecture  supports  various  hardware 
platforms,  including  numerous  appliance  options  available  through 
Stonesoft’s  Open  Appliance  Strategy. 

Stonesoft's  proven  StoneBeat  clustering  prod¬ 
uct  line  provides  high  availability  and  load  balancing 
for  third-party  firewalls,  web,  content-scanning 
servers  and  server  applications.  StoneBeat  prod¬ 
ucts  have  thoroughly  penetrated  six  primary  vertical  markets,  including 
banking  and  finance,  telecommunications,  utilities,  government,  media  and 
the  service  industry. 

Stonesoft  has  forged  several  key  strategic  partnerships  and  global 
industry  alliances  with  leading  security  software  developers,  MSPs,  chan¬ 
nel  distributors  and  hardware  manufacturers.  With  a  strong  commitment 
to  customer  service  and  support,  leading  products  and  the  best  strategic 
partnerships,  Stonesoft  offers  its  customers  a  complete  and  scaleable  net¬ 
work  security  solution.  Stonesoft  delivers  to  its  customers  the  vision  cf  a 
secure,  highly  available  enterprise. 


For  more  information  about  Stonesoft,  go  to  www.stonesoft.com. 
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online  transactions,  these  same  transac¬ 
tions  account  for  more  than  50  percent 
of  disputed  charges. 

Authentication  problems  create 
other  hassles,  too.  More  than  50  percent 
of  help  desk  calls  are  password-related. 
Duplicate  and  co-mingled  patient 
records  hike  health  care  costs  by  an  esti¬ 
mated  $29  billion  a  year  and  the  major¬ 
ity  of  medically-preventable  errors  that 
cause  100,000  deaths  annually  are 
attributed  to  missing  or  inaccurate 
patient  histories. 

Similar  problems  affect  interactions 
between  companies  and  their  customers 
as  well  as  even  simple  communications 
between  individuals  or  corporate  enti¬ 
ties.  So  newer  methods  have  been  devel¬ 
oped  that  either  replace  or  add  to  user- 
name-password  authentication. 

“Today’s  security  environment,” 
maintains  Bob  McCashin,  chairman  and 
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CEO  of  Identix  Inc.,  “requires  a  new 
paradigm  —  one  that  associates  actions 
with  identity.  Because  security  begins 
with  the  individual  —  who  are  they  and 
what  can  they  do  —  it  is  the  crucial  first 
step  to  protect  a  corporation’s  propri¬ 
etary  information,  transactions,  physi¬ 
cal  locations,  etc.” 

SMARTCARDS  AND  TOKENS.  Tokens 
strengthen  authentication  by  frequently 
changing  identification  coding:  after  its 
user  enters  a  password,  the  token  dis¬ 
plays  an  ID  that  enables  the  user  to  log 
onto  a  network. 

The  electronic  memory  and 
embedded  microprocessors  in  smart- 
cards  empower  them  to  act  as  more 
than  ID  instruments;  they  can,  for 
instance,  serve  as  a  form  of  digital  cash 
or  store  an  entire  (and  updateable)  med¬ 
ical  record. 

Smartcard  adoption  in  the  U.S.  has 


been  slowed  by  incompatibilities  in 
smartcard  programming  languages.  But 
that  may  be  changing  with  the  arrival  of 
the  latest  version  of  Java  Card,  which 
brings  multi-functionality  to  a  single 
card,  abides  by  international  standards 
and  addresses  such  Java  security  issues 
as  applet  control. 

BIOMETRICS.  Using  physical  characteris¬ 
tics  or  behavioral  traits  —  such  as  fin¬ 
gerprints,  voiceprints  or  retinal  images 
—  that  can  be  automatically  checked 
and  verified,  now  attracts  increasing 
interest  as  an  alternative  or  add-on  to 
the  easily  compromised  username/pass¬ 
word  combo. 

Since  biometric  authentication  can 
be  costly  and  intrusive,  organizations 
need  to  consider  the  trade-offs.  Iris 
scans,  for  instance,  are  very  accurate  but 
also  intrusive,  so  they’re  best  used  where 
high  levels  of  security  are  necessary.  Fin- 
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...  but  why  buy  a  mere  legacy  firewall? 

With  5tDn0[50t0  you  get  much  more! 


Unlike  the  competition,  StoneGate  offers  much  more  than  network  security.  You  also  need  high 
availability,  performance,  and  manageability,  so  why  buy  a  mere  firewall? 

For  continuous  firewall  uptime  and  top  performance,  StoneGate  is  built  with  high  availability  clustering 
and  true  dynamic  load  balancing.  And  our  unique  Multi-Link  Technology™  manages  multiple  ISP 
connections  for  Internet  access  redundancy — a  critical  factor  for  successful  VPN  deployment. 

A  global  software  and  solutions  company,  Stonesoft  builds  confidence. 

Learn  more — visit  www.stonesoft.com,  call  866.869.4075,  or  email  info.americas@stonesoft.com. 
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gerprint  authentication  is  less  accurate, 
but  also  less  intrusive  and  not  as  expen¬ 
sive,  so  it  can  be  effective  in  less  critical 
security  environments. 

Biometric  authentication  tech¬ 
niques  are  being  combined  with  person¬ 
al  identification  numbers,  encryption, 
tokens,  smartcards  and  other  devices 
and  applications.  Identix’s  BioLogon  ™ 
biometric  authentication  solution,  for 
instance,  supports  multiple  authentica¬ 
tion  factors  and  login  methods  (includ¬ 
ing  fingerprints,  smartcards  and  pass¬ 
words),  can  be  centrally  managed,  uses 
128-bit  encryption,  features  server 
redundancy  and  load  balancing,  and 
speedy  enrollment.  Identix  biometric 
solutions  can  also  be  embedded  into 
application,  network  and  hardware 
security  solutions. 

And  the  company’s  itrust™  Web- 


based  identity  and  access  management 
platform  generates  a  transaction  audit 
trial  that  enables  organizations  to  tie 
individual  identity  to  particular  transac¬ 
tions  to  reduce  fraudulent  disputed 
charges. 

“Bringing  together  biometric  tech¬ 
nology  such  as  fingerprints  with  a  mul¬ 
tifactor  authentication  identity  man¬ 
agement  platform,”  explains  Identix’s 
McCashin,  “allows  companies  to  offer 
continuity  of  authentication.  This  is 
important  because  it  provides  a  com¬ 
plete  authentication  solution  that 
requires  re-verification  of  a  person’s 
identity  at  every  step. 

“For  example,”  he  continues,  “an 
employee’s  computer  system  and  physi¬ 
cal  access  rights  are  stored  on  his/her 
employee  badge  using  smartcard  tech¬ 
nology  that  includes  a  fingerprint  tem¬ 


plate.  As  the  employee  navigates  freely 
throughout  physical  locations,  net¬ 
works,  and  protected  resources  he/she 
continually  reaffirms  identity  using  their 
badge  and  the  touch  of  a  finger.  Conti¬ 
nuity  of  authentication  offers  a  com¬ 
plete  solution  that  is  convenient  and 
cost-effective.” 

MANAGING  ACCESS.  When  heterogeneous 
IT  environments  must  serve  many  users 
at  different  levels  of  trust,  managing 
authorization  and  access  gets  complex. 

Several  vendors  —  including  RSA 
Security,  IBM/Tivoli  and  Netegrity  — 
incorporate  content  personalization, 
role -based  access  control  and  user-self¬ 
registration  into  access  management 
offerings  that  support  a  range  of  securi¬ 
ty  devices  and  authentication  options. 

Thus  users  can  be  authenticat¬ 
ed,  allowed  into  a  Web  portal  and 


EXECUTIVE  VIEWPOINT 


APPGATE  IS  A  PRIVATELY  HELD  COMPANY  THAT  DESIGNS 

and  manufactures  e-security  hardware  and  software  net¬ 
work  solutions  for  small  to  large  enterprises.  AppGate’s 
mission  is  to  enable  organizations  to  protect  critical  infor¬ 
mation  resources  by  controlling  access  not  just  to  the  fire¬ 
wall  at  the  front  gate,  but  all  the  way  to  the  application  level 
within  the  trusted  network.  This  innovative  solution  completely  redefines 
the  concept  of  virtual  private  networking. 

As  businesses  increase  their  reliance  on  the  Internet  to  connect  geo¬ 
graphically  dispersed  business  units  and  external  supply  chain  partners, 
they  need  protection  from  security  breaches  both  from  within  the  trusted 
network,  as  well  as  from  the  outside.  They  need  a  way  to  determine  who 
can  access  which  applications,  from  where,  and  when. 

Unfortunately,  this  fine-grained  control  at  the  unique  user  and  applica¬ 
tion  level  was  lacking  in  traditional  VPN  security  structures.  Traditional 
security  measures  were  not  extensive  enough,  too  restrictive,  and  raised 
the  overall  complexity  of  the  IT  environment  without  much  return  on  invest¬ 
ment.  AppGate  saw  these  critical  gaps  in  existing  VPN  security  strategies 
and  developed  a  powerful,  flexible  solution  to  address  them. 

HIGH  ROI 

This  innovative  VPN  security  solution  provides  high  return-on-investment  in 


multiple  ways: 

■  REDUCES  IMPLEMENTATION 
COSTS  by  operating  as  a  stan¬ 
dard  application  on  industry- 
standard  servers,  requiring  no 
modification  to  IT  infrastructure, 
network  address  translation 
(NAT)  schemes,  or  applications 

■  REDUCES  implementation  COSTS  by  enabling  you  to  leverage  any  access 
control,  authentication,  and  encryption  solutions  you  may  already  be  using 

■  reduces  administration  COST  through  centralized  administration 
and  an  easy-to-use  graphical  interface 

■  reduces  deployment  cost  by  eliminating  distribution  requirements; 
users  can  download  the  AppGate  portal  as  a  Java®  applet  via  their  Web 
browser. 

■  REDUCES  support  COSTS  with  a  simple  user  interface  that  virtually 
eliminates  training  and  tech  support  requirements. 

■  PROTECTS  THE  ORGANIZATION  FROM  HUGE  POTENTIAL  LOSSES 

caused  by  hacking,  theft  of  confidential  data,  fraud,  viruses,  vandalism,  or 
misappropriation  of  network  resources. 


For  more  information,  visit  www.appgate.com 
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Free-range  access  to  your  network  is  a  risk  you  may  not  know  you  are  taking. 


A  barnyard  fence  just  isn’t  enough.  You  need  to  guard  the  hen  house,  too.  To  protect  your  critical  applications  and  resources, 
you  need  a  Virtual  Private  Network  that  goes  beyond  a  point-to-point  connection.  AppGate™  VPN  and  AppGate  PowerBox™ 
go  further  by  extending  e-security  into  the  internal,  trusted  network,  all  the  way  from  the  users  to  the  applications.  AppGate 
provides  full  access  control,  allowing  an  enterprise  to  customize  access  so  you  know  who  has  access  and  when  they  have 
access  to  your  critical  applications  and  services.  Protective  boundaries  are  important.. .even  for  chickens. 

For  more  information,  visit  our  website  at  www.appgate.com  or  give  us  a  call  at  1-866-AppGate. 
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authorized  to  access  back-end  applica¬ 
tions  with  a  single  sign-on.  Several  ven¬ 
dors  are  developing  XML- 
based  solutions  for 
exchanging  authentication 
and  authorization  data 
between  vendor  environ¬ 
ments,  including  between 
application  server  security 
systems,  so  soon  users  will 
be  able  to  click  from  host 
website  to  a  partner’s  web¬ 
site  without  re-authoriza¬ 
tion. 

PREVENTION  &  RESISTANCE 

The  Internet  has  become  such  an  integral 
part  of  most  companies’  business  envi¬ 
ronments  that  when  website  or  network 
operations  are  interrupted,  the  costs  can 
be  enormous.  The  cost  of  downtime 
varies  depending  on  the  business  —  from 
$100,000  to  $i  million  an  hour.  Or  more. 
For  instance,  the  now  infamous  22-hour 
outage  that  afflicted  eBay  in  June,  2000 
caused  that  company’s  market  cap  to 
plunge  a  terrifying  $5.7  billion. 

One  of  the  best  ways  to  prepare  for 
trouble  involves  anticipating  it  and  pre¬ 


venting  it.  For  CIOs  this  typically  means 
three  things: 

1.  Systems  and  network’s 
must  be  designed  to  be  truly 
resilient  so  they  can  accom¬ 
plish  their  mission  even 
when  failure,  accident  or 
even  intrusion  does  happen. 
This  involves  not  only  high 
levels  of  security  but  also: 

High  availability:  99  per¬ 
cent  availability  translates 
into  a  yearly  downtime  of 
87.6  hours;  for  most  businesses,  avail¬ 
ability  needs  to  be  99.999  percent  or 
better,  delivering  less  than  5.26  minutes 
downtime  a  year. 

Fault  tolerance  and  resource 
failover:  when  outages  or  failures  do 
occur,  a  system  or  network  behaves  in 
predictable  ways  and  a  backup  system 
kicks  in  transparently 

Predictable  performance:  systems 
and  networks  can  consistently  handle 
peaks  and  troughs  in  traffic  and  demand. 

Transparent  network  and  system 
management:  updates,  upgrades  and 
other  straightforward  changes  must  be 
easy  to  implement,  regardless  of  the  sys¬ 


tem’s  complexity. 

2.  Systems  and  networks  must  be  hard¬ 
ened  to  thwart  malicious  attacks  and 
intrusions.  “Non-hardened  applications 
and  operating  systems  are  open  to 
attack  and  the  most  costly  attacks  occur 
from  the  inside,”  observes  Giga’s  Ras¬ 
mussen.  “If  an  organization  is  relying  on 
its  external  perimeter  defenses  to  pro¬ 
tect  them,  it  ignores  the  insider  attack. 
This  is  part  of  the  M&M  story  of  secu¬ 
rity  —  hard  and  crunchy  on  the  outside 
while  soft  and  chewy  on  the  inside.” 

3.  Key  applications  and  data  must  be 
backed  up  so  they  can  be  recovered  after 
a  failure,  accident  or  attack  without  loss 
of  business  services. 

VIRTUAL  PRIVATE  NETWORKS  (VPNS).  The 
appeal  of  creating  a  secure  ‘tunnel’ 
through  the  Internet  has  been  damp¬ 
ened  by  performance  degradation  due 
to  its  resource-intensive  encryption 
technology  and  struggles  to  make  VPNs 
fault-tolerant.  But  current  higher-speed 
crypto  ASIC  design  has  helped  make 
VPNs  an  effective  alternative  to  dedi¬ 
cated  leased  lines. 

These  days,  VPNs  can  handle  as 
many  as  50,000  tunnels,  offer  triple- 
DES  (Data  Encruption  Standard)  secu¬ 
rity,  can  be  integrated  with  firewalls  and 
intrusion  detection  systems,  and  sup¬ 
port  digital  certificates.  A  growing  num¬ 
ber  of  VPN  vendors  —  including  Check 
Point,  Nokia,  AppGate,  RadGuard  and 
NetScreen  —  offer  VPN  appliances, 
some  of  which  include  high  availability 
features. 

“In  today’s  uncertain  market  where 
information  security  is  a  must  yet  budg¬ 
ets  are  being  scrutinized,”  says  Alfred 
Moresi,  AppGate ’s  CEO,  “CIOs  should 
be  looking  to  appliance-based  VPN 
solutions  that  offer  the  same  compre¬ 
hensive  capabilities  of  software  prod¬ 
ucts,  yet  in  an  easy-to-install,  low-main¬ 
tenance  and  affordable  plug-n-play 
hardware  appliance.” 

AppGate,  for  one,  emphasizes  the 


WHAT  CAUSES 

DOWNTIME? 

IT  industry  researcher  International  Data  Corp.  has  identified  the  four  areas 
causing  downtime: 

■  NETWORKS  —  most  often  caused  by  ISP  connection  downtime  and  network  LAN 
overload, 

■  SERVERS  AND  OPERATING  SYSTEMS  —  common  problems  caused  by  either  CPU 
overload  or  by  network  interface  card  failure, 

■  APPLICATIONS  —  trouble  usually  comes  from  slowed  database  performance  and 
process  hang-ups. 

■  NETWORK  MAINTENANCE  ALSO  CONTRIBUTES  TO  DOWNTIME  WOES,  SINCE  MAINTENANCE 
CAN  NO  LONGER  BE  CONDUCTED  DURING  ‘OFF  HOURS,’  —  there  no  longer  are  ‘off 
hours’  in  a  24x7  international  economy. 


DESIGNING  RESILIENT 
SYSTEMS  AND  NETWORKS 
TAKES  MORE  THAN 
SECURITY.  IT  ALSO  TAKES: 

■  High  Availibity 

■  Fault  tolerence  and 
resource  failure 

■  Predictable  perform¬ 
ance 

■  Transparent  network 
system  management 
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CASE  STUDY 


SONY  FIGHTS  INTRUSION  WITH 
“CRYSTAL  GALL” 


DIVISION  OF  SONY,  INC.,  SONY  PICTURES  ENTERTAIN- 

ment  (SPE)  develops  and  distributes  a  wide  variety  of 
programming  including  movies,  television,  videos  and 
DVDs.  Not  surprisingly,  a  critical  task  of  SPE’s  Informa¬ 
tion  Protection  and  Security  Group  is  the  protection  of 
large  amounts  of  intellectual  property.  A  compromise 
of  security  can  cost  the  company  valuable  intellectual  property  as  well 
as  thousands  of  dollars  and  months  of  time. 

Jeff  Uslan,  Director  of  Information  Protection  and  Security  at 
SPE,  is  charged  with  the  difficult  task  of  managing  security  over  a 
large,  open  network  where  users  have  access  at  varying  times 
(depending  upon  the  project)  and  can  go  on  and  off  the  network 
quickly.  Knowing  who  should  have  access  and  when  —  including 
executives,  producers,  distributors,  contractors,  product  compa¬ 
nies,  subcontractors  and  talent  alike  —  is  of  utmost  importance  to 
the  security  and  protection  group. 

NEEDED:  ADVANCED  THREAT 
MANAGEMENT  SOLUTION 

Uslan’s  team  tested  numerous  traditional  signature  based  IDS 
(Intrusion  Detection  System)  products,  but  found  they  produced 
an  unmanageable  amount  of  false  positives  and  did  not  have  the 
comprehensive  enterprise  understanding  needed  for  the  SPE  net¬ 
work.  Clearly,  a  signature-based  Network  IDS  was  not  the  answer 
for  SPE. 

What  Sony  Pictures  Entertainment  needed,  recalls  Uslan,  was  an 
advanced  threat  management  solution  that  would  take  nominal 
resources  to  maintain  and  require  limited  resources  to  track  and 
respond  to  suspicious  network  activity.  What’s  more,  the  solution 
had  to  scale  and  work  well  in  a  larger  network  of  partners  as  well  as 
be  able  to  leverage  information  across  Sony  entities.  And  that’s  pre¬ 
cisely  what  Recourse  Technologies  delivered  via  its  advanced  net¬ 
work  intrusion  detection  solution,  including  ManHunt™. 

SPE’S  RECOURSE  AGAINST  HACKING 

Today,  SPE  depends  on  ManHunt  protocol  anomaly  detection  to 
detect  previously  unknown  and  new  attacks  as  they  occur,  close  the 
window  of  vulnerability  inherent  in  signature-based  systems  and 
substantially  decreasing  false  positives;  track  attack  information 


across  network  administrative 
domains;  quickly  find  point(s)  of 
entry  of  an  attack,  especially  for 
distributed  denial  of  service 
attacks  with  spoofed  source 
addresses;  and  provide  threat 
awareness  without  data  overload. 

Moreover,  real  time  event  aggre¬ 
gation  and  correlation  enables  SPE 
to  gather  intelligence  across  the 
network  to  quickly  spot  trends,  sort 
related  events  and  recognize  incidents  as  they  happen  —  dramati¬ 
cally  reducing  the  effort  required  to  identify  threats  and  dramatical¬ 
ly  reducing  the  time  to  respond  to  such  events. 

And  given  the  complexity  of  the  SPE  network,  Uslan  appreciates 
the  single  point  of  control  and  monitoring  as  well  as  the  scalability  in 
a  multisite  enterprise. 

“Recourse’s  advanced  intrusion  detection  system  is  the  closest 
you  can  come  to  a  crystal  ball;  it  tells  you  what’s  happening  and 
what  just  happened,”  reports  Uslan. 

Recourse  Technologies  is  the  leading  provider  of  threat  manage¬ 
ment  solutions  that  detect,  analyze,  and  respond  to  both  known  and 
novel  threats,  including  intrusions,  internal  attacks  and  denial  of 
service  attacks.  With  Recourse’s  advanced  intrusion  detection  solu¬ 
tions  ManHunt  and  ManTrap®,  businesses  gain  the  time  and  infor¬ 
mation  critical  for  enabling  secure  and  uninterrupted  business 
operations. 


To  learn  more  about  managing  network  threats,  visit  the  Web  site 


at  www.recourse.com.  Or  call  1-877-786-9633. 
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importance  of  keeping  application  servers 
separated  from  the  untrusted  public 
Internet.  When  key  servers  are  protected 
from  unauthorized  traffic,  operating  sys¬ 
tems,  network  protocols  and  applications 
stay  beyond  the  reach  of  an  attack. 

“Beyond  just  protecting  the  net¬ 
work  from  external  threats,  CIOs  should 
be  thinking  about  how  to  protect  the 
internal,  trusted  network  as  well,”  says 
Moresi.  “Many  of  today’s  VPNs  only 
provide  a  site-to-site,  or  device-to-device 
connection,  leaving  users  wide  open  to 


access  any  internal  resources  or  informa¬ 
tion  they  want.  By  providing  a  secure 
connection  from  the  user  all  the  way  to 
the  application  or  resource  itself,  busi¬ 
nesses  can  ensure  the  highest  level  of 
protection  for  their  IT  assets.” 

The  AppGate  Server  protects 
application  servers  from  unauthorized 
access,  encrypts  network  traffic, 
authenticates  users,  makes  authoriza¬ 
tion  decisions  and  logs  all  user  actions. 
To  access  a  protected  application  serv¬ 
er,  a  user  launches  the  AppGate  Client, 
which  sets  up  an  encrypted  tunnel 
between  the  workstation  and  the  App¬ 
Gate  server,  authenticates  the  user  and 
enables  authorized  interaction. 
FIREWALLS.  Traditional  software-based 
firewall  vendors  like  Check  Point,  Com¬ 
puter  Associates  and  Symantex/Axent 
face  mounting  competition  from  fire¬ 
wall  appliance  vendors,  including  Cisco 
Systems,  Nokia  and  CyberGuard. 

Three  kinds  of  firewall  architec¬ 
tures  currently  dominate: 

Static  packet  filtering,  which  works 
at  the  network  layer  of  the  OSI  stack, 
makes  simple  deny/allow  choices 


according  to  source/destination  net¬ 
work  address  and  each  packet’s  port 
number  as  determined  by  administra¬ 
tor-defined  rules.  This  approach  is  inex¬ 
pensive,  fast,  transparent  and  flexible  — 
but  tough  to  configure  and  offering  lim¬ 
ited  logging  facilities. 

Dynamic  packet  filtering/stateful 
inspection  makes  deny/allow  decisions 
based  on  all  the  data  in  the  packet 
thanks  to  continual  monitoring  of  the 
state  of  the  connection  —  so,  in  effect, 
the  firewall  remembers  the  state  of  each 


ongoing  exchange  and  dynamically  mod¬ 
ifies  packet  filter  rules  accordingly. 
Result:  more  effective  determination  of 
which  inbound  packets  are  part  of  an 
existing  session  and  which  are  ‘rogue.’ 

Proxy  servers,  which  work  at  all 
seven  OSI  layers,  function  as  stand-ins, 
relaying  valid  requests  between  trusted 
and  untrusted  networks  and  never 
permitting  direct  connection  between 
them.  Because  proxy  servers  make  large 
processor  and  memory  demands,  per¬ 
formance  is  affected. 

COMBINING  FIREWALLS  AND  VPNS.  “When 
it  comes  to  choosing  security  technolo¬ 
gies,”  notes  Pat  Clawson,  president  of 
CyberGuard  Corp.,  “many  people 
choose  the  easy  route  instead  of  the 
most  secure.  Packet  filtering  instead  of 
proxies  for  firewalls.  Speed  over  securi¬ 
ty.  It’s  not  surprising  that  there  are  secu¬ 
rity  breaches  as  a  result. 

‘Advances  in  firewall  and  VPN  tech¬ 
nology,  high  performance  hardware  and 
intuitive  manageability  features,  howev¬ 
er,  make  it  easier  to  have  both  security 
and  performance,”  Clawson  says.  “CIOs 
shouldn’t  settle  for  anything  less.” 


CyberGuard’s  plug-and-play  fire¬ 
wall/VPN  appliances  combine  all  of 
these  approaches  to  incorporate  multi¬ 
level  security  that  treats  each  layer  of 
the  secure  operating  system  discretely, 
maintaining  complete  separation  of  net¬ 
work  traffic  from  system  components. 
In  December  2000,  CyberGuard’s  appli¬ 
ances  became  the  first  to  earn  the  Com¬ 
mon  Criteria  Evaluation  Assurance 
Level  4  certification,  a  rigorous  security 
standard  recognized  by  15  nations. 

“Without  question,”  Clawson 
asserts,  “the  combined  appliance  is  eas¬ 
ier  to  install,  implement  and  use. 
Updates  and  enhancements  will  apply  to 
both  functionalities.” 

Limiting  access  to  a  corporate  net¬ 
work  from  the  untrusted  public  Internet 
can  become  quite  complex  in  a  larger 
enterprise  with  many  distributed  firewalls. 
Enterprise  firewalls  tackling  this  challenge 
must  be  extremely  scalable  in  order  to 
handle  the  centralized  management  capa¬ 
bilities  built  into  distributed  firewalls  as 
well  as  the  heavy  throughput  that  online 
transaction  environments  require. 

Among  the  products  that  can  do 
this  is  Stonesoft  Corp.’s  StoneGate, 
which  provides  clustering  and  manage¬ 
ment  capabilities  that  monitor  distrib¬ 
uted  firewalls  and  reaches  all  the  way  to 
a  network’s  ISP  connection. 

“Astute  buyers  and  their  distribu¬ 
tors,”  notes  Esa  Korvenmaa,  Stonesoft 
president  and  CEO,  “will  be  looking  for 
a  combination  they  haven’t  seen  until 
now:  high  value  and  high  performance.” 

Because  StoneGate ’s  clustering  soft¬ 
ware  dynamically  handles  load  balancing, 
throughput  is  maximized,  failover  is 
automatic  and  maintenance  can  be  done 
on  the  fly.  StoneGate  also  obviates  need 
for  multiple  high-availability  load-bal¬ 
ancing  solutions  for  servers  and  edge 
routers,  and  its  high-availability  capabil¬ 
ities  improves  VPN  reliability 

‘The  latest  challenge  in  network 
management  is  to  provide  system 
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OT  ONLY  IS  NETWORK  SECURITY  MORE  COMPLEX  THAN 

ever  before,  but  also  the  very  definition  of  network 
security  has  expanded.  Where  once  network  security 
was  just  about  guarding  against  hackers  and  virus¬ 
es,  today  it's  also  about  managing  IT  resources  more 
efficiently. 

More  and  more  executives  are  realizing  that  installing  firewalls 
and  anti-virus  software  without  Web  and  email  content  filters  is  like 
locking  the  doors  but  leaving 
the  windows  open.  SurfCon¬ 
trol,  the  number  one  Internet 
filtering  company  in  the  global 
security  market,  offers  the 
one-two  punch  that  compa¬ 
nies  need  for  more  complete 
security. 

Today  organizations  such 
as  the  Internal  Revenue  Ser¬ 
vice,  Crate  &  Barrel,  Ricoh  and 
Toyota  Motor  Sales  USA  rely 
on  SurfControl  to  protect  their  networks,  minimize  legal  risk  and 
increase  employee  productivity. 

SURFCONTROL:  THE  FILTERING 
COMPANY 

SurfControl  provides  customers  with  a  full  solution  that  includes 
Web  and  email  filtering,  relevant  content  and  advanced  artificial 
intelligence  tools. 

SuperScout  Web  Filter  focuses  employees  on  using  the  Internet 
for  conducting  company  business,  rather  than  on  irrelevant  surf¬ 
ing.  SuperScout  Web  Filter’s  threshold  blocking  allows  administra¬ 
tors  to  set  user  access  limits  according  to  length  of  time  or  the  total 
bandwidth  used  in  a  given  day.  Coupled  with  a  new  enhanced  report¬ 
ing  facility  —  including  new  bandwidth  analyses  that  illustrate  how 
and  when  bandwidth  is  being  consumed  —  SuperScout  Web  Filter 
offers  companies  greater  precision  in  setting  rules  for  Internet 
access  and  implements  them  down  to  the  individual  user  and  indi¬ 
vidual  Web  page. 

SuperScout  Email  Filter  gives  designated  managers  appropriate 
control  over  how  company  employees  use  corporate  email.  By  com¬ 


bining  features  which  allow  administrators  to  recognize  explicit 
adult  image  files  with  a  Web  administrator  capability  that  enables 
authorized  personnel  to  securely  manage  the  product  remotely, 
SuperScout  Email  Filter  helps  companies  secure  networks  against 
email  viruses,  optimize  employee  productivity  and  network  per¬ 
formance  and  protect  critical  information. 

SurfControl  has  the  largest  collection  of  the  world’s  most  traf¬ 
ficked  Web  sites  in  the  industry  with  more  than  4  million  site  entries 

thoughtfully  organized  into  40 
categories  and  130  subtopics. 
More  than  65  languages,  from 
sites  registered  in  more  than 
200  countries,  are  represent¬ 
ed  in  the  Content  Database, 
giving  SurfControl  the  most 
international  content  in  the 
industry.  Complete  catego¬ 
rization  technologies  and 
proven  processes  using  auto¬ 
mated  tools,  spidering  tech¬ 
nologies  and  an  expert  human  review  team  for  sourcing  and  cate¬ 
gorizing  help  to  maintain  the  Content  Database.  Daily  updates  — 
plus  constant  culling  and  aging  —  makes  this  the  most  relevant  and 
accurate  filtering  list  in  the  market. 

SurfControl  also  offers  customers  a  set  of  tools  that  use  adap¬ 
tive  reasoning  technology  to  interpret  information  context.  The  Vir¬ 
tual  Control  Agent  provides  dynamic  and  automatic  Web  site  cate¬ 
gorization  while  the  Virtual  Image  Agent  offers  intelligent  analysis 
and  recognition  of  adult  images  within  email  attachments. 

THE  BOTTOM  LINE 

At  the  end  of  the  day,  it’s  all  about  securing  corporate  resources. 
With  SurfControl’s  full  solution,  corporations  can  maximize  their 
resources  and  boost  their  bottom  line.  It’s  as  simple  as  that. 

Headquartered  in  Scotts  Valley,  California,  SurfControl  works 
with  a  variety  of  industry  partners  including  AT&T,  Check  Point  Soft¬ 
ware,  Cisco  Systems,  Hewlett  Packard,  IBM,  Intel,  and  Microsoft 
Corp.’s  Web  TV. 


For  more  information,  visit  www.surfcontrol.com 
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administrators  with  the  ability  to  apply 
and  enforce  high  availability  principles,” 
says  Stonesoft’s  Korvenmaa.  “In  addi¬ 
tion  to  high  performance  and  high  secu¬ 
rity,  a  firewall  VPN  strategy  should  also 
incorporate  high  availability  principles 
across  multiple  ISP  connections  for 
multiple  VPN  tunnels.” 

CONTENT  FILTERING.  “Security  is  not  just 
about  firewalls  and  hackers  anymore,” 
says  Kevin  Blakeman,  president  of  Surf¬ 
Control.  “It’s  also  about  optimizing 
resources  and  mitigating  legal  risks.  In 
addition,  organizations  need  to  balance 
potential  threats  with  the  critical  role 
the  Internet  and  e-mail  play  in  today’s 
connected  economy.” 

One  example  is  the  Health  Insurance 
Portability  and  Accounting  Act  (HIPAA). 
Compliance  with  this  new  law  protecting 
medical  patients’  privacy  becomes  manda¬ 
tory  in  April,  2003  and  is  already  creating 
a  new  standard  for  ensuring  the  security 
and  confidentiality  of  individually  identi¬ 
fiable  information  transmitted  electroni¬ 
cally.  The  upshot  is  that  organizations 
must  not  only  limit  what’s  disclosed  but 
also  who  it’s  disclosed  to;  those  who  fail 
face  criminal  penalties. 

Because  e-mail  is  one  of  the  chief 
means  of  transmitting  this  sensitive 
information,  using  software  that  filters 
e-mail  content  can  prevent 
transmission,  either  mali¬ 
cious  or  accidental,  of  infor¬ 
mation  that  should  stay  pri¬ 
vate. 

SurfControl’s  Super- 
Scout  Email  Filter,  for 
instance,  prevents  the  wrong 
data  from  getting  e-mailed; 
even  encrypted  messages 
sent  by  unauthorized  per¬ 
sonnel  within  your  company 
can  be  blocked,  isolated, 
allowed  or  stripped.  Super- 
Scout  also  stops  viruses, 
thanks  to  its  anti-virus  scan¬ 
ning  capabilities. 


Just  as  dangerous  can  be  the  Web- 
surfing  habits  of  employees,  who  may  not 
only  be  eating  up  bandwidth  with  per¬ 
sonal  activities  like  finding  their  favorite 
tunes  or  planning  a  vacation  but  may  also 
be  inadvertently  downloading  malicious 
code.  Web  content  filtering  programs, 
like  SurfControl’s  SuperScout  Web  Filter, 
track  who’s  doing  what  on  the  Web  and 
enable  administrators  to  establish  Inter¬ 
net  access  rules  for  different  user  groups. 

“Installing  firewalls  and  anti-virus 
software  without  Web  and  e-mail  filter¬ 
ing,”  says  Blakeman,  “is  like  locking  the 
doors  but  leaving  the  windows  open.” 
BACKING  UP  THAT  DATA.  According  to 
Strategic  Resource  Corp.,  60  percent  of 
corporate  data  resides  on  PCs  and  note¬ 
book  computers  and  up  to  96  percent  of 
business  PCs  do  not  have  data  backup. 
That’s  a  lot  of  unprotected  data. 

Since  it’s  unlikely  that  every  PC- 
wielding  employee  can  be  counted  on  to 
conscientiously  back  up  the  data  on 
their  machines,  IT  departments  need  to 
incorporate  PC  lifecycle  management 
into  their  business  continuity  and  disas¬ 
ter  recovery  plans. 

“Yet,”  points  out  Bob  Brennan, 
CEO  at  Connected  Corp.,  “most  com¬ 
panies  do  not  have  an  automated  infor¬ 
mation  protection  and  recovery  pro¬ 


gram  for  their  employees’  desktop  and 
laptop  PCs.  Successful  companies  have 
paid  attention  to  this  revelation  and  are 
intensifying  efforts  to  fully  protect  the 
valuable  corporate  information  that 
resides  on  these  important  devices.” 

One  approach  is  offered  by  Con¬ 
nected  Corp.’s  Connected  TEM,  which 
automatically  compresses  and  encrypts 
PC  data  before  backing  it  up  via  a  cor¬ 
porate  network.  Connected  TLM  also 
includes  modules  that:  give  administra¬ 
tors  control  over  remotely  located  PCs; 
migrate  PC  ‘personalities’  to  new 
machines;  repair  operating  systems 
states,  registries  and  applications;  and 
keep  PC  software  up-to-date  (via  asset 
discovery  and  management  capabilities 
from  Peregrine  Systems). 

“We  should  always  have  a  line  of 
defense  in  place  prepared  to  deal  with 
the  problems  created  when  security 
fails,”  says  Brennan.  ‘A  strong  combina¬ 
tion  of  awareness,  security  and  —  per¬ 
haps  most  important  —  recovery  capa¬ 
bilities  will  always  be  the  best  defense 
against  any  attack.  One  without  the 
others  will  always  fail.” 

DETECTION  &  RESPONSE 

“Since  many  attacks  are  the  result  of 
new  weakness  uncovered  by  hackers  or 
others,  the  key  is  constant 
vigilance  and  monitoring,” 
says  Frederick  Rica,  partner 
and  threat  and  vulnerability 
assessment  practice  leader 
at  PricewaterhouseCoopers. 
“It’s  important  that  CIOs 
stay  on  top  of  new  threats 
and  vulnerabilities  as  they 
are  made  known  and  then 
implement  a  process  to 
patch  those  holes  and  per¬ 
form  ongoing  testing  to 
make  sure  they  don’t  re- 
emerge.” 

FIGHTING  THE  VIRUS  WARS. 

When  the  first  virus  infect- 
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HE  WORLD  HAS  CHANGED;  IT’S  JUST  NOT  AS  SAFE  AS  IT 

once  was.  The  things  you  once  took  for  granted-like  the  day- 
to-day  security  of  your  business-deserve  a  closer  look. 
Most  importantly,  you  have  an  obligation  to  your 
people,  shareholders  and  customers  to 
protect  your  assets.  How  do  you  do  this, 
and  where  do  you  start? 

TRW  CRITICAL  INFORMATION  AND 
ASSET  PROTECTION  (CIAP) 

A  complete  security  program  for  today’s  world  must 
address  the  critical  phases  of  the  Business  Protection 
Lifecycle.  ASSESS  your  current  environment,  business 
strategy,  policies,  and  threats  to  identify  vulnerabilities. 

SECURE  those  vulnerabilities  using  proven  solutions  designed 
to  optimize  your  security  investment.  RESPOND  to  events  as  they 
occur  to  maintain  operational  integrity.  CIAP  solutions  from  TRW  are  designed 
to  fulfill  every  requirement  of  the  Business  Protection  Lifecycle.  Our  CIAP  solu¬ 
tions  are  modular  to  add  value  to  your  business  when  and  where  you  need  it. 

■  CIAP  Assessments:  A  comprehensive,  business-oriented  assessment 
of  security  threats,  vulnerabilities,  risks  and  business  impact  for  a  company’s 
complete  asset  base. 

■  CIAP  Security  Infrastructure:  A  technology-oriented  suite  of  security 


^ecufe 


solutions  for  both  physical  and  cyber  security,  integrated  by  a  common  secu¬ 
rity  management  platform. 

■  CIAP  Business  Continuity:  A  complete  set  of  business  continuity  solu¬ 
tions  that  enable  continuous  availability  of  a  company’s  asset 
base. 

A  STEADY  PARTNER  IN  A  CHANGING 
WORLD 

For  over  40  years,  TRW  has  successfully  support¬ 
ed  the  security  requirements  of  some  of  the  world’s 
most  security-conscious  organizations.  Because 
our  industry-leading  R&D  investments  keep  us  on 
the  cutting  edge  of  business  protection  technologies, 
TRW  can  deploy  the  right  solution  at  each  and  every 
phase  of  the  Business  Protection  Lifecycle. 

Equally  important  and  thoroughly  proven,  TRW’s  implemen¬ 
tation  methodology  and  over  four  decades  of  security  engineering  leadership 
have  minimized  risks  and  lowered  the  cost  of  business  protection  at  countless 
locations  worldwide.  TRW  also  provides  CIAP  solutions  as  part  of  its  strate¬ 
gic  IT  outsourcing  services,  Information  Partnering SM. 


For  more  information  on  TRW  CIAP  or  Information  Partnering81 
visit  us  at  www.trw.com/CIAP  or  www.trw.com/IP. 


ed  what  was  then  the  ARPANET  back 
in  1987,  a  new  era  was  born.  Now  enter¬ 
prises  struggle  to  remain  uninfected. 
Best  bet:  antivirus  programs  from 
Symantec,  McAfee  and  others  that  con¬ 
tinually  monitor  systems  and  remove 
any  discovered  culprits.  But  don’t  for¬ 
get  to  regularly  update  that  virus  signa¬ 
ture  database. 

INTRUSION  DETECTION.  A  more  sophisti¬ 
cated  approach,  of  course,  searches  out 
patterns  in  data  and  network  traffic 
that  indicate  attacks  and  responds 
before  harm  can  be  done. 

Network-based  intrusion  detec¬ 
tion  systems  (IDSs)  scrutinize  network 
packets  for  malicious  ones  designed  to 
sneak  past  firewall  filtering.  Host- 
based  IDSs  guard  individual  computer 
systems,  examining  system  calls,  file 


access,  application  execution,  etc.,  and 
hybrid  IDSs  combine  these  functions 
to  deliver  consolidated  alert  data  to  a 
central  console. 

Pattern-detecting  IDSs  can  be  use¬ 
ful  against  viruses,  too.  Currently,  most 
information  systems  cannot  detect  virus¬ 
es  and  worms  —  instead  they  react  to 
viruses  and  worms  for  which  antidotes 
have  already  been  created.  The  Code 
Red  worm,  for  instance,  struck  over 
150,000  Web  servers  in  a  single  day 
before  anyone  knew  what  it  was  or  how 
to  defend  against  it. 

But  not  every  server  sniffed  out  by 
Code  Red  was  successfully  infected 
during  the  worm’s  initial  strike.  A  num¬ 
ber  of  businesses  that  had  implement¬ 
ed  Recourse  Technologies’  ManTrap 
and  ManHunt  products  were  able  to 


avert  the  attack  before  the  worm  was 
identified. 

Believing  it  to  be  a  server,  Code  Red 
hit  ManTrap ’s  honeypot,  set  up  to  bait 
intruders,  and  was  immediately  detect¬ 
ed.  ManHunt  recognized  the  code  as  an 
EITTP  protocol  anomaly  and  alerted 
users,  who  could  then  deflect  it  before 
Code  Red  was  known  even  to  experts. 

‘Advanced  intrusion  detection  and 
threat  management  solutions,”  says 
Recourse  Technologies’  Huerta,  “pro¬ 
vide  early  warning  signs  and  back¬ 
ground  information  on  internal  and 
external  hacker  activity.  The  detailed 
information  generated  by  threat  man¬ 
agement  solutions  provides  CIOs  with 
the  critical  time  needed  to  deploy 
effective  countermeasures  before  the 
full  attack  wave  hits.”  SD 
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STAYING  ALIVE: 

BUSINESS  CONTINUITY 

PLANNING 


T’s  IMPORTANT  THAT  CIOS  BEGIN 
to  take  a  more  holistic,  lifecycle 
approach  to  security.  Today’s 
threats  are  more  numerous  and 
complex  than  those  we  have 
faced  in  the  past.  This  trend  is 
not  going  to  improve  —  tomor¬ 
row’s  threat  environment  will  be 
much  worse  than  today’s.” 

So  says  Michele  Kang,  vice 
president  and  deputy  general  manager 
of  TRW  Global  Information  Technolo¬ 
gy.  “It  is  simply  not  sufficient,”  she  con¬ 
tinues,  “to  rely  on  just  one  or  two  point 
solutions  for  enterprise  security.  A  life- 
cycle  approach  is  required  where  the 
enterprise  continually  cycles  through 
the  three  critical  phases:  assess,  secure 
and  respond.” 


point  solutions  for  each  type  of  possible 
threat  when  the  reality  is  that  you 
should  be  putting  management  controls 
in  place  that  will  enable  your  organiza¬ 
tion  to  respond  to  any  type  of  situation 
—  including  those  that  you  have  not 
identified  as  a  threat.” 

That’s  why  security  experts  talk 
about  survivability:  making  sure  that 
information  systems  remain  robust 
when  they  are  under  attack  or  suffering 
failure  so  that  they  can  continue  to  ful¬ 
fill  their  missions.  What’s  key  is  not  the 
survival  of  any  given  system  but  rather 
the  continuity  of  business-critical  services. 

Thus  survivability  means  something 
different  for  every  company,  and  even 
every  moment.  A  company  that  suffered 
system  losses  in  the  September  n  attacks 


TODAY'S  THREATS  ARE  MORE  NUMEROUS 
AND  COMPLEX  THAN  IN  THE  PAST  . . 
TOMORROW'S  THREAT  ENVIRONMENT 
WILL  BE  MUCH  WORSE  THAN  TODAY’S. 


After  all,  even  the  best  efforts  to 
harden  Internet-linked  networks  and  sys¬ 
tems  can’t  remove  all  vulnerabilities  to 
intrusion,  attack,  accidents  and  failures. 

“Organizations,”  says  Ken  Boyd, 
vice  president  of  business  development 
at  Peregrine  Systems,  “are  introducing 


but  preserved  the  integrity  of  its  data  and 
restored  basic  operations  a  few  days  later 
can  conclude  that  its  overall  systems  mis¬ 
sion  was  fulfilled,  although  some  systems 
were  completely  destroyed. 

But  if  those  same  systems  had 
crashed  without  warning  a  month  earli¬ 


er  and  remained  out  of  service  for  sev¬ 
eral  days  under  normal  conditions  — 
costing  the  company  its  ability  to  con¬ 
duct  business  —  then  those  systems 
would  have  failed  in  fulfilling  their  mis¬ 
sion,  since  essential  services  would  not 
have  been  preserved. 

ANTICIPATION 

The  planning  needed  to  maintain  this 
kind  of  business  continuity  involves: 
DISASTER  RECOVERY  —  running  critical 
technologies  and  applications  from 
alternate  sites 

WORKSPACE  RECOVERY  —  running  criti¬ 
cal  business  processes  from  alternate  sites 
BUSINESS  RESUMPTION  —  workarounds 
enabling  continuation  of  critical  busi¬ 
ness  functions  until  disrupted  capabili¬ 
ties  are  restored 

CONTINGENCY  PLANNING  —  managing 
external  events  that  impact  the  business 

CRISIS  MANAGEMENT  —  initial  response 
to  disruptive  events 

Julia  Allen  of  Carnegie  Mellon’s 
CERT  Coordination  Center  notes  that 
organizations  can  balance  operational 
and  security  needs  “by  applying  risk 
management  thinking  to  securing  infor¬ 
mation  assets  in  the  same  fashion  that 
risk  management  is  employed  to  man¬ 
age  risks  to  other  critical  business  driv¬ 
ers,  such  as  preserving/growing  market 
position  and  reputation,  and  building 
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ARRIERS  ARE  GOOD.  BUT  THEY’RE  NOT  GOOD  ENOUGH. 

The  heightened  safety  needs  of  today's  world  demand  a  new 
security  paradigm,  one  that  focuses  on  the  identity  and 
actions  of  the  individual  itself. 

While  biometrics  allow  us  to  biologically  verify  that  each 
person  is  who  he  or  she  claims  to  be,  Identix  takes  the  new 
paradigm  one  step  further  by  regularly  associating  the  individual  with  his  or 
her  actions.  This  is  what  we  refer  to  as  Continuity  of 
Authentication ™. 

Continuity  of  Authentication  uses  electronic  fin¬ 
gerprint  templates  to  establish  a  subject’s  identity,  which  is  then  linked  to  the 
access  privileges  on  the  subject’s  smart  card  or  badge,  allowing  access  to 
computer  systems  and  facilities.  But  at  that  point,  the  process  has  just  begun: 
Identity  and  access  privileges  are  checked  and  re-checked  at  routine  intervals 
to  maintain  Continuity  of  Authentication. 

Such  a  system  demands  both  leading  biometric  technologies  and  a  cut- 
ting-edge  identity  management  platform  to  store  and  centrally  manage  its 
role-based  policy  information.  This  vision  is  made  reality  by  IDENTIX  INCOR¬ 
PORATED  (IDNX),  the  world’s  leader  in  fingerprint  biometrics. 


UNOBSTRUCTED  BY  CONVENTIONAL  SECURITY 
BARRIERS 

Identix’  security  arsenal  includes:  fingerprint  authentication  software  and 


hardware  for  servers,  desktops,  laptops  and  PDAs,  forensic  quality  finger¬ 
print  solutions  for  criminal  background  checks,  and,  fingerprint  biometric 
physical  access  devices  to  protect  premises  and  locations.  Identix’  itrusC , 
Web-based  identity  management  platform  for  wireless  and  wired  environ¬ 
ments  provides  multi-factor  authentication,  access  and  administration  serv¬ 
ices  for  managing  both  computer  and  physical  access  security  systems. 

So  great  is  Identix’  ability  to  secure  virtually  any  network  or  location  that 
_  there  are  few  organizations  that  cannot  benefit  from 

identix  its  comprehensive  approach.  Whether  the  need 

exists  to  protect  proprietary  information,  safeguard 
Web-based  transactions,  prevent  identity  theft,  control  building  access,  check 
employee  backgrounds,  stop  credit  card  fraud,  control  access  to  borders 
and  airports,  Continuity  of  Authentication  is  essential.  What’s  more,  we 
believe  it  will  ultimately  make  our  world  a  safer  place  —  where  we  can  con¬ 
duct  our  lives  and  business  on  our  own  terms,  securely  and  conveniently, 
unobstructed  by  conventional  security  barriers. 


Identix  Incorporated 

100  Cooper  Court,  Los  Gatos,  CA  95032 
Phone:  888.433.6849,  Fax:  408.395.8076 
Email:  info@identix.com 


For  more  information,  visit  www.identix.com 


customer  trust.” 

Many  CIOs  seek  the  help  of 
experts  when  developing  a  business 
continuity  plan,  which  involves: 
PLANNING  AND  CONSULTING,  including 
business  continuity  planning  and  man¬ 
agement  software,  hot-site  facilities, 
rapid  hardware  replacement,  high- 
availability  networking,  PC-based 
planning  tools 

RECOVERY  SITES,  including  hot  sites, 
cold  sites,  mobile  sites 
DATA  STORAGE,  including  off-site  stor¬ 
age  and  electronic  vaulting. 

Peregrine  Systems,  for  instance, 
offers  both  infrastructure  management 
services  (managing  and  securing  multi¬ 
ple  types  of  key  assets)  and  crisis  man¬ 
agement,  which  provides  the  underlying 
technology  for  a  command-and-control 


system,  so  enterprises  can  prepare  for 
and  instantly  respond  to  crisis  situa¬ 
tions.  Built  on  Peregrine's  Action 
Request  System  development  platform 
and  Peregrine’s  Business  Integration 
Suite,  this  new  offering  allows  organiza¬ 
tions  to  manage  an  event  from  initial 
discovery  through  closure. 

And  TRW’s  Global  Information 
Technology  Division  provides  a  range  of 
business  continuity  services,  including 
risk  management  and  vulnerability 
assessment,  system  architecture  and 
design  services,  secure  network  solutions 
and  secure  remote  outsourcing  facilities. 

From  TRW’s  perspective,  though, 
business  continuity  planning  isn’t  the 
whole  story. 

“Business  continuity  is  one  step  in 
the  business  protection  lifecycle,”  notes 


Kang.  “It  is  important  to  not  simply 
focus  on  business  continuity  without 
addressing  the  other  steps.  You  need  to 
assess  your  current  environment,  busi¬ 
ness  strategy,  security  policies  and  pro¬ 
cedures  and  threats  to  identify  vulnera¬ 
bilities.  Then  you  must  secure  those 
vulnerabilities  using  proven  solutions 
designed  to  optimize  your  security 
investment.  Finally,  an  organization 
must  respond  to  events  as  they  occur  in 
a  manner  that  maintains  the  integrity  of 
their  operations.” 

HELP  FROM  BELOW 

“Employees  lacking  adequate  security 
education  pose  the  greatest  threat  to 
the  enterprise,”  Kang  reminds  us.  “As 
insiders,  they  can  unknowingly  com¬ 
promise  the  technical  security  controls 
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CASE  STUDY 


OMBLE  CARLYLE,  ONE  OF  THE  SOUTHEAST  AND  MID- 

Atlantic  regions  largest  business  law  firms,  required  a 
cost-effective,  secure  and  reliable  solution  to  help  its 
mobile  workers  rapidly  backup  and  restore  PC  data  while 
traveling.  In  other  words,  it  needed  a  way  to  keep  its  data 
safe,  PC  users  up  and  running,  and  support  costs  down. 
“We  work  in  an  environment  where  time  is  money  and  if  an  attorney  does 
not  have  access  to  his  or  her  case  data,  it  could  be  detrimental  to  the  out¬ 
come  of  a  case,”  explains  Sean  Scott,  CIO  of  Womble  Carlyle. 

Scott  needed  to  find  a  solution  that  could  ensure  that  crucial  research 
and  data  was  protected  as  well  as  accessible  at  all  times,  even  on  the  road. 
After  evaluating  a  number  of  solutions,  Scott  and  his  IT  team  concluded  that 
while  many  tools  were  adequate  for  a  simple  backup/data  restore,  only  Con¬ 
nected  TLM  from  Connected  Corporation  would  enable  Womble  Carlyle  to 
securely  backup  and  restore  a  complete  system,  including  operating  system, 
applications,  data  and  registry. 

SAVES  THOUSANDS  OF  DOLLARS  IN  LOST  DOWNTIME 

Currently  installed  on  more  than  400  laptops  and  100  desktop  systems  in  nine 
of  the  law  firm’s  offices,  Connected  TLM  protects  Womble  Carlyle’s  critical 
data  using  any  Internet  connection.  The  result?  Attorney’s  at  any  location 


worldwide  can  recover  form  crashes  and  data  loss,  and  be  up  and  running  in 
minutes,  instead  of  the  days  formerly  required. 

According  to  Scott,  Connected  TLM  backs  up  and  restores  all  data  files 

securely  in  minutes,  saving  precious  time 
and  money.  And  its  advanced  encryption 
protects  and  secures  all  data  as  it’s  sent 
over  the  wire  and  stored.  What’s  more, 
the  Connected  TLM  Data  Center’s  built-in 
redundancy  and  replication  technology 
provides  high  availability  for  mission-criti¬ 
cal  information. 

“Connected  TLM  significantly  reduces 
the  time  it  takes  my  IT  staff  to  trou¬ 
bleshoot  and  restore  an  ailing  computer,” 
reports  Scott.  “Connected  TLM  presents 
us  with  an  efficient  way  to  resolve  problems 
and  ensure  that  vital  data  is  protected  at  all 
times.  This  capability  can  save  the  firm  many  thousands  of  dollars  in  lost 
downtime.” 


For  more  information,  visit  www.connected.com 


CIO  Sean  Scott  prevents 
downtime  losses 


used  to  protect  the  enterprise.  Security 
is  everybody’s  responsibility,  not  just  the 
information  technology  organization  or 
the  security  staff.” 

Richard  Hunter,  vice  president  of 
security  research  at  Gartner,  agrees  and 
offers  an  example: 

“The  break-ins  on  Microsoft's 
servers  that  occurred  in  October  2000 
apparently  began  with  the  infection  of 
a  single  employee's  PC  with  a  Trojan 
Horse  virus.  Once  that  employee  logged 
into  Microsoft's  network  —  an  action 
which  he  was  authorized  to  perform  — 
the  virus  was  inside  the  firewall  and  bad 
things  happened  quickly  after  that.  ‘Bad 
things,’  in  this  case,  included  essentially 
unfettered  access  to  servers  containing 
source  code  for  Microsoft’s  operating 
system  products. 

“You  can't  make  a  highway  safe  if 
the  drivers  don't  know  how  to  drive,” 


says  Hunter.  “In  a  distributed  comput¬ 
ing  environment,  entry  points  for 
threats  are  also  distributed,  and  individ¬ 
uals  must  be  aware  of  the  nature  of 
threats  and  the  ways  and  means  of  self¬ 
protection.” 

For  organizations  with  large  num¬ 
bers  of  users,  complex  interactions  and 
diverse  and  disparate  networks,  plat¬ 
forms  and  systems,  a  security  policy  is 
essential  in  order  to  effectively  cope 
with  day-to-day  operations  as  well  as 
exceptional,  compromising  events. 

“To  improve  an  enterprise’s  protec¬ 
tion,”  Kang  believes,  “technology  must 
be  supported  by  policies,  procedures 
and  organizational  and  technical  frame¬ 
works.  Policies  and  procedures  are  need¬ 
ed  to  define  what  is  acceptable  and  what 
is  not,  and  to  designate  who  within  the 
organization  is  responsible  for  verifying 
and  assuring  compliance.” 


At  minimum,  every  corporate  secu¬ 
rity  policy  should  address: 

■  Business  continuity  planning 

■  Security  organization 

■  System  development  and  maintenance 

■  Computer  and  network  management 

■  Assets  classification  and  control 

■  System  access  control 

■  Physical  and  environmental  security 

■  Personnel  security 

Once  security  policy  is  developed, 
it  must  be  implemented,  documented 
and  rigorously  and  regularly  tested. 
Often  this  will  entail  a  significant 
employee-awareness  campaign  and  a 
committed  training  effort. 

“Awareness,”  says  Peregrine’s  Boyd, 
“is  key  to  enabling  your  entire  organiza¬ 
tion  to  know  what  to  do  in  the  event  of 
a  security  breach.  Equally  important  is 
your  organization’s  capability  to  assess 
and  your  ability  to  respond.”  SD 
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How  safe  is  your  data 

(Really.) 


'An  enterprise  cannot  become  resilient  unless  it  can  effectively 
operate  a  backup-and-restore  method  for  all  of  its  user 
workstations  -  in  the  offices,  mobile  and  remote. 

Continuous  backup,  and  the  ability  to  restore  anywhere  and 
anytime,  is  fundamental  not  only  as  a  convenience  to 
the  individual  user,  but  to  the  survival  of  the  business. 

The  great  majority  of  tools  for  backup  and  restore  are  based  on 
the  erroneous  assumption  that  the  user  will  have  constant 
access  to  a  high-speed  LAN.  W 

Best  Practices  for  Mobile  Workforce  Information  Backup, 

John  Girard,  Gartner  Research,  QA,  Dec  2001 


With  Connected  TLM™,  you  can  securely  protect, 
and  restore  your  data-in  the  office  or  over  the  Internet— 

anytime,  anywhere. 


CONNECTED 


DATA  SAFE. 
PCs  UP. 
COSTS  DOWN. 


Meet  Gary  Beach  .  CIO  magazine  &  Connected  Executive  Event  Series: 
CXO  Media  Inc.  ’  www.connected. com/events/CIO 


DEPLOYED 


DOWNLOAD 


By  400  corporations,  including  Amgen,  Citgo,  Deutsche  Banc, 
Fidelity,  Hewlett-Packard,  Lockheed  Martin,  Schlumberger, 
Toyota,  Tyco,  U.S.  Army,  U.S.  Postal  Service  and  VISA 
To  find  out  more  call  1  800  934  0956 

Get  the  full  story  on  Connected  from  Gartner 
www.connected.com/gartner_bestpractices 
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Securing  your  business  isn't 
as  hard  as  you  may  think. 


Remember  this?  You  turned  it  one  way,  then  another. 
Again  and  again.  Finally  you  put  it  down.  It  was  just 
too  hard.  That's  how  some  people  think  about  busi¬ 
ness  security  today.  Except  you  can't  put  this  one 
down.  It's  not  a  game,  and  you  have  an  obligation  to 
your  employees,  shareholders  and  customers  to 
protect  your  assets.  Fortunately,  there's  a  solution  out 
there -TRW  Critical  Information  and  Asset  Protec¬ 
tion  (CIAP)  -that  takes  on  the  seemingly  infinite  com¬ 
binations  of  physical,  cyber  and  terror  threats  you 
face  today. 


Safeguarding  your  business,  CIAP  solutions  from 
TRW  are  designed  to  add  value  exactly  where  and 
when  they're  needed  -  across  your  entire  business, 
anywhere  in  the  world.  For  over  40  years,  TRW  has 
been  supporting  the  security  requirements  of  some 
of  the  world's  most  security-conscious  organiza¬ 
tions.  Our  proven  solutions  have  minimized  risks  and 
lowered  the  cost  of  business  protection  at  countless 
locations  worldwide.  When  it's  this  important,  and 
you  can't  afford  to  play  games,  trust  TRW  to  secure 
your  business.  For  more  information  on  our  CIAP 
solutions,  call  TRW  today  at  800.850.3855. 


©  TRW  Inc.  2002 
TRW  is  the  name  and 
mark  of  TRW  Inc. 


Your  security  solution  is  a  lot 
simpler  than  you  think. 


Critical  Information  &  Asset  Protection 


www.trw.com/Security 
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Secure  E-Biz  is  a  two-day  forum  presented  in  two  parallel  tracks  to  address  the 
critical  success  factors  for  both  Architectures  and  Information  Infrastructure. 

Track  1  CIO  Strategies  for  Information  Defense 
Track  2  Advances  in  Enterprise  Architectures 
A  pair  of  CIO  Luncheon  Roundtables  will  enable  bureau  and  agency  CIO  Council 
members  to  engage  their  commercial  counterparts  to  discuss  hot  topics  facing  our 
industry.  The  Secure  E-Business  Summit  has  become  one  of  the  top  forums  for 
government  and  industry  CIOs.  Come  join  us  in  shaping  the  furture  of  Secure  E-Business. 

first  rate  conference  that  (unlike  many  other  conferences  in  this  town)  actually  tries  to  identify 
d  solve  some  very  difficult  problems." — Department  of  Defense  Deputy  CIO,  2000 
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Leadership 


are  the  two  biggest  causes  of  low  morale,” 
says  Rick  Chapman,  CIO  and  chief  admin¬ 
istrative  officer  at  Kindred  Healthcare  in 
Louisville,  Ky.  “It  doesn’t  matter  what  the 
economy  is  like.” 

The  first  step  toward  fixing  bad  morale 
is  acknowledging  that  the  problem  exists. 
The  second  step  is  realizing  that  it’s  your 
responsibility  to  make  it  better.  While 
morale  may  seem  like  the  domain  of  HR, 
that’s  a  cop-out,  says  David  Van  De  Voort, 
a  principal  consultant  and  leader  of  the  IT 
workforce  effectiveness  group  at  Mercer. 

“The  CIO  is  the  head  of  a  community,  a 
family  of  professionals,”  he  says.  “No  com¬ 
petent  CIO  would  leave  morale  for  HR  to 
deal  with.  The  CIO  has  to  be  the  one  who 
sets  the  tone  and  defines  the  IT  culture  in 
any  organization.” 

While  CIOs  should  not  relegate  respon¬ 
sibility  for  morale  to  HR,  you  can  and 
should  lean  on  HR  for  help.  Having  an 
HR  representative  participate  in  meetings 
can  help  make  employees  feel  cared  for  by 
the  company.  The  HR  rep  is  also  another 
person  an  employee  can  talk  to.  No  mat¬ 
ter  how  open  your  culture,  employees 
aren’t  always  comfortable  talking  to  the 
CIO,  and  that  means  they  may  not  tell  the 
whole  truth  about  how  they  feel  if  they  do 
talk  to  you. 

There  are,  however,  actions  you  can  and 
must  take  to  deal  with  and  reverse  a  bad 
morale  situation,  including  placing  special 
emphasis  on  management  basics  such  as 
communication,  leadership  and  special  pro¬ 
grams  for  employees:  training,  rewards  and 
recognition.  Here  are  steps  tailored  for  an 
IT  staff  that  you  can  take  toward  recogniz¬ 
ing  and  rehabilitating  low  morale. 

Look,  Listen,  Take  Nothing 
for  Granted 

Morale  is  like  the  weather  on  the  plains — it 
can  change  drastically  in  the  space  of  a 
minute.  But  on  the  plains,  you  can  see  a 
storm  coming;  the  warning  signs  of  bad 
morale  are  more  subtle  and  difficult  to 
detect.  Some  old  signals,  such  as  increased 
turnover  and  frequent  absences,  aren’t  as 


reliable  now  as  they  once  were.  People  are 
less  likely  to  leave  their  position  in  the  mid¬ 
dle  of  a  recession,  when  jobs  are  hard  to 
find,  and  since  Sept.  11  some  companies 
have  discovered  that  turnover  has  decreased 
as  employees  yearn  for  stability  and  secu¬ 
rity  in  their  life. 

Still,  being  able  to  identify  a  morale  prob¬ 


lem  begins  by  being  able  to  recognize  sit¬ 
uations  that  can  bring  people  down,  says 
Ben  Holder. 

As  vice  president  and  CIO  of  Unifi,  a 
Greensboro,  N.C. -based  textiles  manufac¬ 
turer,  Holder  makes  it  a  point  to  meet  with 
his  staff  on  a  daily  basis  to  discuss  all  aspects 
of  IT  and  its  place  in  the  company.  He  keeps 
his  ears  open  for  the  red  flags  that  could  sig¬ 
nal  trouble. 

“The  biggest  mistake  you  can  make  is  to 
ignore  the  existence  of  a  problem  or  ration¬ 
alize  it  away,”  he  says.  “People  shouldn’t  be 
constantly  uncommunicative.  If  they  get 
negative  in  conversations,  you  have  to  perk 
up  your  ears.  Look  at  their  faces.  Are  they 
laughing  or  smiling  at  all  around  the  office? 
Are  they  quiet  in  meetings?  If  behavior  and 
attitudes  have  changed,  red  lights  should 
start  flashing  in  your  mind.” 

Even  if  you  have  a  large  staff — Holder 
has  60  people  in  his  department — “you 
have  to  make  an  effort  to  get  to  know 
them,  know  their  spouses,  know  what’s 
going  on  in  their  lives,”  he  says.  “I’ve  told 
them  all  about  my  family  because  I  care 
about  them,  and  they  should  know  that.  I 
want  them  to  care  about  me  as  well  because 


I  need  a  lot  from  them,  and  I  need  them  to 
want  to  give  that  kind  of  effort.” 

Having  daily  contact  with  staff  is  essen¬ 
tial  for  maintaining  morale,  says  Theresa 
Welbourne,  associate  professor  of  organiza¬ 
tion  behavior  and  human  resource  manage¬ 
ment  at  the  University  of  Michigan  business 
school  in  Ann  Arbor,  Mich.  “No  organiza¬ 


tion  is  good  at  being  proactive  when  it 
comes  to  morale,”  Welbourne  says.  “Most 
companies  are  reactive.  CIOs  will  notice 
when  productivity  is  down,  but  if  you  are 
just  starting  to  notice,  that  means  produc¬ 
tivity  has  been  on  the  way  down  for  six 
months  already.” 

A  CIO’s  first  line  of  defense  when  it 
comes  to  low  morale  is  to  listen  closely,  she 
explains.  The  clues  lie  in  what  employees  are 
not  saying. 

“Look  at  the  level  of  energy,”  she  says.  “Is 
your  staff  engaged  and  participating  in  proj¬ 
ects  and  meetings,  or  are  they  withdrawn 
and  lethargic?  If  people  are  no  longer  con¬ 
tributing,  particularly  if  they  used  to  speak 
up  often,  that’s  a  sign.  If  people  are  talking 
but  are  being  pessimistic,  that’s  very  telling. 
When  things  are  good,  IT  workers  feel  like 
they  can  do  anything.  But  when  morale  is 
down,  they  tend  to  feel  like  even  one  proj¬ 
ect  is  too  much  to  get  done.  The  sense  of 
urgency  on  projects  diminishes.” 

Walk  the  corridors  often,  and  stand  at  the 
door  before  a  meeting  starts  and  listen  to 
what  people  say  as  they  come  in,  she  says. 
You  may  think  your  employees  feel  com¬ 
fortable  discussing  personal  or  professional 


LACK  OF  COMMUNICATION  AND 
BAD  MANAGEMENT,  OR  LACK  OF  CONFIDENCE 
IN  MANAGEMENT,  ARE  THE  TWO  BIGGEST 
CAUSES  OF  LOW  MORALE.  IT  DOESN’T  MATTER 
WHAT  THE  ECONOMY  IS  LIKE. 

-Rick  Chapman,  CIO  and  chief  administrative  officer,  Kindred  Healthcare 
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Wireless  Works! 


Faster  deployment 

Your  choice  of  wireless  carrier  matters!  CDMA 
carriers  are  the  first  to  market  with  fully  standard¬ 
ized,  commercial  3G  networks  and  devices — 
long  before  other  wireless  carriers.  By  choosing 
a  CDMA  carrier,  you  can  leverage  the  real  and 
practical  advantages  of  3G  CDMA  today ,  and 
avoid  the  pitfalls  of  a  costly  and  complex  wireless 
network  and  device  migration  path. 

Faster  network  throughput 

Today’s  3G  CDMA  networks  provide  peak  rates 
up  to  144  kbps.  But  more  importantly,  they 
provide  real  throughputs  of  up  to  60-90  kbps, 
enabling  many  applications  that  were  never  before 
practical  over  a  wireless  wide  area  network  (WAN). 

More  device  choices 

With  our  industry-leading  chipset  and  software 
solutions,  QUALCOMM  is  enabling  the  rapid 
development  of  3G  devices  by  dozens  of  leading 
manufacturers  worldwide.  This  includes  PCMCIA 
cards  with  WAN  access  at  up  to  60-90  kbps 
for  enterprise  data  applications  such  as  e-mail, 
customer  relationship  management  and  sales 
force  automation.  Phones  and  PDAs  with  low- 
latency  browsing,  color  displays,  and  increased 
capabilities  for  position  location  and  enhanced 
wireless  multimedia  are  also  commercially  available. 
(See  www.3Gtoday.com  for  more  details.) 

Faster  development 

QUALCOMM  has  created  an  open  applications 
platform  called  the  Binary  Runtime  Environment 
for  Wireless™  (BREW™)  that  supports  native  C/C++ 
and  Java™  applications,  enabling  developers  to 
extend  enterprise  applications  quickly  and  easily. 
BREW  also  lets  you  download  and  update  applica¬ 
tions  directly  to  the  user’s  device  for  better  software 
management  and  control. 

Faster  decisions 

Our  mobility  experts  at  Wireless  Knowledge  deliver 
strategic  mobility  solutions  that  leverage  existing 
investments  while  harnessing  the  technical  and 
competitive  advantages  provided  by  today’s  3G 
wireless  technologies.  By  extending  critical  corpo¬ 
rate  applications  to  mobile  devices,  business 
professionals  are  empowered  to  make  informed, 
financially  justified  decisions  to  drive  their  business. 

Faster  ROI 

From  improved  productivity  and  responsiveness 
to  better  logistics  and  customer  relationship 
management,  the  benefits  of  corporate  data 
mobility  are  more  compelling  now  than  ever.  Visit 

www.qualcomm.com/enterprise  to  leam  more. 


■ 


'Mr  ' 
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As  president  of  QUALCOMM'S  wireless  &  internet  Group, 
Dr.  Paul  Jacobs  has  a  unique  perspective  on  third-generation 
(3G)  networks,  devices  and  applications.  How  will  3G  drive 
new  advances  in  enterprise  mobility? 
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Leadership 


issues  that  are  affecting  their  state  of  mind, 
but  you’re  probably  wrong. 

“You  might  have  an  open  culture,  but 
people  learn  from  previous  jobs  to  keep  their 
mouths  shut,”  she  says.  “Employees  try  to 
hide  their  feelings  because  they  are  afraid  of 
a  punitive  backlash  if  they  say  anything.” 

The  best  way  to  counteract  that  kind  of 
wariness  is  to  talk  to  your  staff  in  a  consis¬ 
tent,  honest  manner. 

Honesty  Is  (Surprise!) 
the  Best  Policy 

The  most  important  tool  for  recognizing 
and  combating  bad  morale  is  communica¬ 
tion.  Even  if  your  company  is  going  down 
the  tubes  and  the  future  looks  grim,  tell 
your  staff  what’s  really  going  on,  says 
Joseph  Osbourne,  CIO  and  executive  vice 
president  of  Tech  Data,  an  IT  products  and 
logistics  management  company  based  in 
Clearwater,  Fla. 

“The  biggest  mistake  is  to  withdraw  and 
keep  information  to  yourself,”  Osbourne 
says.  “There’s  nothing  more  miserable  than 
when  a  CIO  holes  up  in  his  office  and 
assesses  a  situation  behind  closed  doors  and 
doesn’t  share  information  with  the  staff.  It’s 
insulting  to  your  staff’s  intelligence,  and  it’s 
very  destructive  in  terms  of  morale.” 

Being  up  front  is  important,  as  is  hon¬ 
esty.  “You  don’t  want  to  say  everything  is 
rosy  and  then  come  back  in  a  week  and 
say  the  company  is  not  going  to  make 
it,”  Osbourne  says. 

CIOs  sometimes  keep  information  to 
themselves  because  they  don’t  want  to  worry 
their  employees,  but  even  though  they  mean 
well,  hiding  information  will  only  spark 
anger  and  distrust,  says  Mercer’s  Van  De 
Voort. 

“Tell  them  what’s  going  on,  and  don’t 
hold  back  because  you  think  it  will  worry 
or  upset  them,”  he  says.  “If  you  stay  silent, 
you  won’t  be  protecting  them.  In  fact,  you’ll 
be  leaving  them  vulnerable,  and  that  will 
only  make  the  situation  worse.” 

Before  CIO  Bill  Morrison  came  to  Can¬ 
ton,  Mass. -based  high-end  audio  retailer 
Tweeter  Home  Entertainment  last  year,  he 


Five  Keys  to 
Keeping 
Morale  High 


1.  KEEP  YOUR  EAR  TO  THE  GROUND. 
The  first  step  toward  dealing  with  a 
morale  problem  is  recognizing  that 
you  have  one.  Watch  and  listen.  When 
people  stop  talking,  you  should  start. 

2.  TALK  IT  OUT.  The  more  informa¬ 
tion  that  flows  to  and  from  your 
people,  the  higher  their  morale  will 
be.  Meet  with  them  regularly.  And  be 
honest.  You’re  not  fooling  anyone. 

3.  KNOW  WHAT  YOUR  PEOPLE 
VALUE.  IT  workers  tend  to  value  skill 
development  above  everything.  Try 
not  to  cut  the  training  budget. 
Establish  a  lending  library.  Explore 
online  courses. 

4.  LAUGH  AND  YOUR  STAFF 
LAUGHS  WITH  YOU.  People  look  to 
their  leaders  for  their  emotional  cues. 
If  you’re  feeling  hopeless,  keep  it  to 
yourself. 

5.  GET  EVERYONE  INVOLVED.  Don’t 
be  afraid  to  ask  your  staff  for  sugges¬ 
tions  on  how  to  improve  morale.  If 
people  feel  they’re  being  proactive, 
their  morale  will  automatically 
improve. 


was  CIO  at  Bradlee’s,  a  now-defunct,  low- 
cost  retail  chain.  As  Bradlee’s  spiraled  into 
bankruptcy,  Morrison  found  that  constant, 
honest  communication  was  vital  to  keep  his 
staff’s  spirits  high. 

“When  the  company  is  in  rough  shape, 
the  CIO  role  is  more  about  leadership  than 
technology,”  Morrison  says.  “You  have  to 
talk  to  your  staff  every  day  and  tell  them 
everything  you  know,  even  if  the  informa¬ 
tion  is  changing  on  a  daily  basis.  Tell  them 
that  you’ll  update  them  as  it  comes,  but  that 
it  could  change  at  any  minute.  Even  if  you 
don’t  have  an  answer  for  them,  tell  them 
that  you  don’t  know.  That  helps  them  know 
you’re  being  honest,  even  though  it’s  not  an 
easy  situation.  Be  up  front  about  layoffs  and 


other  reductions  in  staff.  Everyone  knows 
about  layoffs  because  it’s  in  the  paper  every 
day.  You  have  to  address  it  honestly  with 
your  staff  because  they’re  concerned.  Try 
to  look  ahead  so  there  are  no  surprises  for 
them.” 

As  a  leader,  even  if  your  own  morale  is 
down,  you  have  to  keep  your  head  up. 
When  morale  is  bad,  it’s  more  vital  than  ever 
that  the  CIO  be  a  fount  of  energy  and  guid¬ 
ance,  even  if  it’s  just  by  keeping  a  smile  on 
your  face,  he  says. 

“This  is  where  your  leadership  skills  come 
into  play,”  says  Morrison.  “Everything  that 
you  do  or  say  or  feel  is  projected  to  your 
staff,  and  even  the  slightest  negativity  will 
come  across.  And  your  staff  needs  that  lead¬ 
ership.  When  you’re  the  CIO,  they  think  you 
know  everything.” 

Building  morale  through  improved  com¬ 
munication  means  more  than  smiling  and 
keeping  an  open  door,  however.  It  means 
developing  trust  between  you  and  your 
employees,  and  that  kind  of  connection  is 
made  by  opening  up  about  yourself,  both 
personally  and  professionally,  says  Peggy 
Klaus,  a  communications  consultant  based 
in  San  Francisco  and  adjunct  professor  at  the 
Wharton  School  of  Business’s  executive 
MBA  program. 

“Tell  your  employees  about  your  leader¬ 
ship  style,  your  philosophy  on  work  and  life, 
the  environment  you  want  to  create  with 
them,  your  vision  and  how  you  plan  to 
achieve  it,”  Klaus  says.  “Tell  them  how  you 
want  them  to  communicate  with  you,  and 
tell  them  what  your  foibles  are.  Let  them  see 
you  as  you  are.  Let  them  know  you’ve  been 
through  rough  times  before  and  how  you 
plan  to  get  through  it  this  time.  Thank  them 
for  staying  with  you  through  this.  Solicit 
their  concerns  and  offer  your  help  in  getting 
through  obstacles.  Get  specific  about  how 
you  intend  to  make  the  situation  better  if 
you  can,  and  how  you’ll  support  them.” 

One  of  the  most  powerful  actions  a  CIO 
can  take  is  to  involve  the  staff  in  addressing 
a  morale  problem,  Klaus  suggests.  Hold  a 
series  of  meetings  with  the  goal  of  gather¬ 
ing  suggestions  for  fixing  morale.  At  each 
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Introducing  the  Mobile  Intel®  Pentium®  4  Processor  -  M. 


Engineered 
for  the  road. 


Road  warriors  rejoice.  The  all-new  Mobile  Intel®  Pentium®  4  Processor  -  M  is  here,  specifically 
designed  for  mobility.  Intel’s  Micro  FCPGA  packaging  technology  enables  thin  and  light  notebooks 
for  added  portability.  And  Enhanced  Intel®  SpeedStep™  Technology  optimizes  application 
performance  for  long-lasting  battery  power.  For  more  about  the  fastest  mobile  processors  in 
history,  visit  www.intel.com/ebusiness/mobile. 

02002  Intel  Corporation,  Intel,  the  Intel  Inside  logo.  Enhanced  Intel  SpeedStep  and  Pentium  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  its 
suosid'aoes  m  the  United  States  and  other  countries.  All  rights  reserved. 
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IF  YOU  SHUT  DOWN  YOUR  TRAINING 
PROGRAM,  YOU’LL  FIND  THAT  A 
MORALE  PROBLEM  DEVELOPS  VERY 
QUICKLY.  TRAINING  DRIVES  I.T.  PEOPLE 

-Bill  Morrison,  CIO,  Tweeter  Home  Entertainment 


ff 


meeting,  update  your  employees  on  what’s 
being  done  and  gather  feedback  on  the 
process  as  it  moves  forward. 

“By  involving  your  staff,  you  give  them 
some  power  over  the  situation,  instead  of 
them  feeling  powerless,”  she  says.  “It  will 
make  them  feel  like  part  of  the  solution, 
instead  of  part  of  the  problem.  By  soliciting 
their  advice,  you  demonstrate  a  level  of 
respect  and  trust  that  they  need  to  see.” 

Don’t  Take  Away  Their 
Training 

One  of  the  most  effective  ways  of  boosting 
IT  morale  and  solidifying  a  sense  of  com¬ 
mitment  between  you  and  your  staff  is  to 
shore  up  your  professional  development  and 
training  program.  Training  is  especially 
important  during  down  times  when  you’re 
asking  your  staff  to  do  more  and,  in  some 
cases,  take  over  unfamiliar  jobs. 

“If  you  shut  down  your  training  pro¬ 
gram,  you’ll  find  that  a  morale  problem 
develops  very  quickly,”  says  Tweeter’s  Mor¬ 
rison.  “Training  drives  IT  people.” 

Even  if  your  budget  is  tight,  Morrison 
says,  you  can  find  economical  ways  to  fund 
training.  Options  include  online  learning 
courses  and  self-teaching  packages.  Reim¬ 
burse  your  staff  for  IT  textbooks  or  create 
a  library  of  books  they  can  use. 

“By  maintaining  the  training  program, 
you  let  your  staff  know  that  you’re  commit¬ 
ted  to  helping  them  stay  current,”  says 
Mercer’s  Van  De  Voort.  “Training  indicates 
an  ongoing  dedication  to  employees,  and 
taking  it  away  is  one  of  the  worst  things  you 
can  do.” 

No  Cheap  Tricks 

Monte  Ford,  CIO  of  American  Airlines  in 
Fort  Worth,  Texas,  has  tackled  more  seri¬ 


ous  threats  to  the  morale  of  his  organiza¬ 
tion  during  his  14  months  on  the  job  than 
most  CIOs  expect  to  deal  with  in  an  entire 
career.  In  April  2001,  Ford  guided  his  organ¬ 
ization  though  a  merger  with  TWA  in  the 
largest  airline  integration  in  history.  Fast  fall, 
the  sale  of  Sabre  to  EDS  meant  that  Amer¬ 
ican  Airlines  lost  almost  4,200  longtime 
contract  employees.  And  after  Sept.  11,  Ford 
had  to  help  his  staff  support  the  airline’s  IT 
needs  as  they  and  the  company  were  rocked 
by  grief  and  loss. 

Through  each  challenge,  Ford  kept  one 
idea  in  mind:  The  people  on  his  staff  are  his 
single  most  valuable  asset.  To  succeed  as  a 
leader  and  to  keep  his  people’s  spirits  up,  he 
learned  to  adjust  the  way  he  viewed  his 
employees. 

“You  have  to  treat  your  staff  as  though 
they’re  volunteers,  not  paid  workers,”  Ford 
explains.  “You  have  to  do  something  every 
day  that  will  make  them  want  to  come  to 
work.  IT  people  are  smart;  if  you  treat 
them  badly,  particularly  during  tough 
times,  they’ll  remember.  If  you  treat  them 
well,  they’ll  be  loyal  and  stick  around.  If  not, 
they’ll  leave  for  a  better  place  as  soon  as 
they  can.” 

As  part  of  his  philosophy,  Ford  has  insti¬ 
tuted  a  system  of  rewards  and  recognition.  If 
someone  has  worked  all  weekend  to  fin¬ 
ish  a  project  or  has  done 
something  good  for  the 
department,  Ford  personally 
applauds  them.  He  and  his 
managers  also  praise  the  staff 
on  an  individual  and  team 
basis  once  a  week  during 
staff  meetings. 


“Appreciate  your  staff  as  much  and  as 
often  as  possible,”  says  the  Wharton  School’s 
Klaus.  “No  matter  how  long  they’ve  been 
at  the  company,  treat  them  like  they’re  the 
best,  the  hottest  stars  in  the  place.  Do  what¬ 
ever  you  can,  even  in  small  ways,  through 
e-mails  and  meetings  and  one-on-ones, 
through  small  gifts  or  extra  time  off,  to  let 
them  know  you  value  them  and  the  work 
they  do.” 

For  such  efforts  to  be  effective,  they  have 
to  be  genuine.  While  a  keg  party  on  Fridays 
or  meetings  with  free  lunches  may  seem  like 
a  quick  way  to  make  people  feel  appreci¬ 
ated  and  valued,  if  such  activities  don’t  fit 
into  your  IT  culture,  they  can  backfire,  says 
Unifi’s  Holder. 

“People  don’t  stay  for  cheap  tricks,”  he 
says.  “They  stay  if  the  environment  is  sup¬ 
portive  and  challenging,  the  business  is  func¬ 
tional  and  there  are  positive  working  rela¬ 
tionships.” 

The  Morale  of  the  Story 

Bad  morale  is  a  very  real,  very  serious  prob¬ 
lem  that  demands  good  leadership.  The  first 
step  is  to  acknowledge  the  existence  of  a 
morale  problem.  If  you  make  the  effort  to 
examine  your  management  and  communi¬ 
cation  skills  and  address  a  need  for  improve¬ 
ment,  morale  will  go  up  and  you’ll  find 
yourself  with  a  loyal,  resilient  staff  that 
won’t  bolt  for  the  hills  once  the  economy 
improves.  HH 


Staff  Writer  Simone  Kaplan  wants  her  bosses  to 
know  that  her  morale  is  just  fine,  thank  you.  Share 
your  strategies  to  improve  your  department’s 
morale  with  her  at  skaplan@cio.com. 


cio.com _ 

How  have  you  defined  your  IT  culture?  Consultant 
David  Van  De  Voort  will  be  online  for  the  next  two 
weeks  to  take  your  questions  on  improving  depart¬ 
mental  morale.  Find  him  through  ASK  THE 
SOURCE,  at  www2.cio.com/ask/source. 
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Quantum's  StorageCare™  Managed  Services  safeguard  valuable  corporate  data  by  using 
best-in-breed  technology,  industry  best  practices  and  proven  processes  to  remotely 
manage  all  backup  and  restore  functions  and  provide: 

•  Guaranteed  on-time  execution  and  monitoring  of  your  scheduled 
backups  on  a  7  x  24  x  365  basis 

•  Management  of  multi-vendor  environments  with  a  single  phone  call 

•  Restoration  of  lost  or  corrupt  data  quickly  and  accurately 

Quantum,  l/l/e  don't  sleep.  So  you  can! 

For  more  information  about  StorageCare  Managed  Services  and  to  RECEIVE  A 
FREE  DOWNLOADABLE  DATA  RECOVERY  PLANNING  EXCERPT  from  industry 
expert  John  Toigo's  renown  book,  Disaster  Recovery  Planning,  visit  us  on-line  or 
to  speak  to  a  StorageCare  Professional  today,  call  toll-free  800-677-6268,  select 
option  2. 


StorageCare ’ 

Managed  Services 


www.QuantumATL.com/ManagedServices 


Quantum 


Merger  Integration 


There  was  one  sign  over  Cingulars  door,  but  the  company  had  a  melange  of 
call  centers  cobbled  together  through  years  of  mergers.  Here’s  how  Cingular 
went  from  60  specialized  call  centers  to  20  new  multifunction  centers. 

BY  DEREK  SLATER 
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The  advertising  is  so  prevalent  and  the 

logcTso  recognizable— the  little  orange  figure  shaped  like 

a  child’s  jack— it’s  hard  to  believe  that  Cingular  Wireless  didn’t  exist  until  two  years  ago. 

A  massive  media  campaign  is  one  of  the  benefits  when  you're  the  offspring  of  telco  giants  like  SBC  Communica¬ 
tions  and  BellSouth,  which  knit  their  cellular  operations  together  in  2000  to  launch  Atlanta-based  Cingular.  How¬ 
ever,  a  single  name  does  not  a  single  company  make.  A  customer  moving  from  Sacramento  to  Wherever  might  find 
her  interactions  with  customer  service  completely  different— different  agents  following  different  scripts,  an  unfa¬ 
miliar  bill  and  so  on.  Cingulars  set  of  60  call  centers  were  cobbled  together  by  years  of  mergers  and  acquisitions. 

That's  par  for  the  course  in  the  wireless  business,  which  started  in  the  '80s  under  heavy  regulation,  with  each 
market  served  by  only  two  local  carriers.  According  to  Cingular  COO  Mark  Feidler,  when 
the  spectrum  licensing  rules  changed  in  the  '90s,  and  customers  started  moving 
across  markets  with  increasing  frequency,  the  local  providers  were  compelled  to 
become  regional,  and  then  national.  An  M&A  frenzy  ensued.  But  the  resulting  morass  of 
customer  support  facilities  is  no  way  to  run  a  business  when  customer  service  is  one  of 
your  main  points  of  competition.  "This  is  an  industry  with  no  intrinsic  customer  loyalty," 
says  Carl  Pitasi,  a  senior  consultant  with  Compass  America,  a  consultancy  in  Oak 
Brook,  III.  “A  big  part  of  your  [profit  and  loss  statement]  depends  on  how  long  custo¬ 
mers  stay  with  you,  and  the  quality  of  call  center  support  plays  very  strongly  into  that." 


Reader  ROI 

►  See  how  to  choose 
technology  standards 

►  Discover  techniques 
for  merging  multiple 
businesses  into  one  entity 

►  Read  a  detailed  study  of 
call  center  consolidations 
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COO  Mark  Feidler  says  that 
when  setting  up  call  centers, 
minimizing  turnover  while 
controlling  wages  is  vital. 


Merger  Integration 


Launching  a  national  brand — that  was 
the  easy  part.  Behind  the  scenes,  Cingular 
faced  the  task  of  rationalizing  60  call  cen¬ 
ters  and  1,400  IT  systems,  including  11 
major  customer  billing  systems.  Today — two 
years  later — Cingular  runs  20  brand-new 
multifunction  call  center  facilities  ranging 
in  size  from  600  to  1,200  agents.  The  1 1  bill¬ 
ing  systems  have  been  reduced  to  seven  and 
will  be  down  to  two  by  the  end  of  the  year. 
The  work  isn’t  finished  yet,  but  already  the 
efforts  are  beginning  to  pay  off.  Cingular’s 
centers  handled  1  million  more  calls  in  2001 
than  they  did  the  previous  year  (as  separate 
entities).  Average  call  duration  (a  classic  call 
center  efficiency  metric,  since  longer  calls 
require  more  staff)  was  30  percent  lower  in 
December  2001  than  in  December  2000. 
Internal  quality  measurements  are  also  up, 
though  Cingular  won’t  quantify  the  rise. 
Here’s  a  look  at  the  challenges  and  lessons 
from  the  call  center  consolidation  and  the 
making  of  a  single  Cingular. 

EXPERIENCE  HELPS 
(AND  YOU  CAN  HIRE  IT) 

Cingular  didn’t  come  to  call  center  consoli¬ 
dation  cold:  SBC’s  wireless  operations 
already  had  started  efforts  to  consolidate 
some  call  centers,  for  example  in  the  Great 
Lakes  region  after  the  1999  acquisition  of 
Ameritech.  Kathy  Dowling  was  president  of 
SBC’s  Northeast  region  for  wireless,  where 
similar  efforts  had  begun  following  the 
acquisition  of  SNET.  When  Cingular  was 
forming,  Dowling — with  operations  experi¬ 
ence — was  installed  as  senior  vice  president 
of  merger  integration. 


Cingular  Wireless 
at  a  Glance 


CREATED:  October  2000,  by  merger 
of  wireless  operations  from  SBC 
Communications  and  BellSouth 

HEADQUARTERS:  Atlanta 

REVENUE:  $13  billion  for  2001 

SUBSCRIBERS:  21. 6M  as  of  Dec.  2001 

EMPLOYEES:  35,000 

I.T.  EMPLOYEES:  3,800 

COMPETITION:  Number-two  wireless 
carrier,  behind  Verizon  Wireless 


However,  they  still  needed  someone  to 
head  up  the  merger  effort  from  the  IT  side. 
Shortly  after  the  Cingular  brand  launch  at 
the  beginning  of  2001,  CEO  Stephen  Carter 
and  COO  Feidler  decided  to  bring  in  a  CIO 
from  outside  the  company  ranks.  “It’s 
important  to  have  people  who  have  come  up 
through  your  own  business,”  says  Feidler, 
“and  there’s  also  enormous  value  in  bringing 
in  people  from  outside  who  bring  a  wealth 
of  other  experience.” 

The  new  CIO,  Thaddeus  Arroyo,  had  ac¬ 
tually  worked  in  telecom  earlier  in  his  career 
(at  Southwestern  Bell)  but  spent  the  past 
decade  working  on  Sabre,  the  Dallas-based 
airline  reservation  system — most  recently  as 
senior  vice  president  of  product  marketing 
and  development,  and  before  that  he  was 
senior  vice  president  of  IT  services.  Feidler 
says  Arroyo’s  experience  with  large-scale 
systems,  infrastructure  plans,  sophisticated 
routing  and  mission-critical  call  centers  made 
him  the  top  choice.  He  became  Cingular’s 
first  CIO  in  February  of  2001. 


CREATE  SYSTEMS  BLUEPRINT 
AND  CHOOSE  YOUR  WEAPONS 

Arroyo’s  first  action  was  to  do  an  inventory 
of  Cingular’s  existing  potpourri  of  IT  sys¬ 
tems,  which  numbered  1,400  at  that  time. 
The  goal  was  to  select  target  platforms  and 
systems  to  which  the  company  would  work 
to  consolidate,  with  the  usual  anticipated 
benefits:  lower  costs,  easier  maintenance. 

Arroyo  says  the  process  of  choosing  those 
technology  standards  is  not  a  simple  matter, 
particularly  in  the  area  of  software  applica¬ 
tions.  Obvious  considerations  include  func¬ 
tionality  and  cost  of  ownership;  often  there 
is  a  trade-off  between  those  two.  Then  there 
are  further  questions  to  answer:  Which  ones 
have  custom  interfaces  that  will  need  rebuild¬ 
ing?  Where  are  the  applications  (and  hard¬ 
ware  platforms)  in  their  normal  life  cycle? 

Arroyo’s  group  mapped  its  future  require¬ 
ments  (based  on  information  such  as  antici¬ 
pated  company  growth,  as  well  as  desired 
additional  functionality  described  by  the 
business)  and  then  created  “decision  matri¬ 
ces”  to  help  weigh  all  the  factors.  Arroyo  is 
willing  to  reveal  some  of  the  final  decisions — 
for  example,  BEA  Systems’  WebLogic  is  the 
corporate  standard  for  application  servers — 
but  says  some  choices  are  still  in  process,  and 
others  have  not  yet  been  communicated  to 
the  existing  vendor  base. 

ENGAGE  THE  BUSINESSFOLK 

A  vital  note:  These  standardization  decisions 
weren’t  a  case  of  “IT  coming  back  to  the 
business  and  saying,  ‘We’ve  chosen  this  plat¬ 
form,”’  says  Arroyo.  Instead,  cross-func¬ 
tional  teams  composed  of  the  affected  busi- 


CALL  CENTER  CONSOLIDATION  TIME  LINE 

Cingular  set  an  aggressive  timetable  for  shuttering  60  disparate  call  centers  and  opening  20  new  ones 
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Word  on  the  Street: 
Migrate  to  Linux. 
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Merger  Integration 


nesses  and  lead  by  IT  rated  each  option.  The 
process  has  worked  well;  Arroyo  says  well 
over  90  percent  of  the  initial  system  recom¬ 
mendations  have  been  approved. 

Business  oversight  of  the  call  center  mi¬ 
gration  undertaking  went  all  the  way  to  the 
top.  Dowling’s  merger  office  provided  proj¬ 
ect  leaders  and  project  managers.  Project 
teams — which  also  included  personnel  from 
the  existing  call  centers — reported  back  to 
Cingular’s  CEO,  CIO,  CFO  and  COO  on  a 
weekly  and  monthly  basis. 

THE  BILLING  CONVERSION 
EXAMPLE:  MAKE  HASTE  SLOWLY 

The  most  crucial  pieces  of  software  in  the 
contact  center  arsenal  are  the  customer  care 
and  billing  applications.  Mess  up  that  migra¬ 
tion  effort  and  customers  get  messed  up 
bills — a  sure  recipe  for  lost  business. 

No  surprise,  then,  that  the  reduction  from 
1 1  billing  systems  to  a  single  standard  isn’t 


done  yet.  Arroyo  describes  the  current  state 
as  an  “intermediate  convergence  plan,”  with 
all  the  new  call  centers  running  one  of  two 
systems  by  the  end  of  this  year.  One  is  a  pack¬ 
aged  application  from  San  Jose,  Calif.-based 
Amdocs;  the  other  is  a  home-cooked  system. 

Arroyo  says  the  final  jump  to  a  single  sys¬ 
tem  is  slated  for  2003,  but  that  last  hurdle  is 
the  biggest,  involving  the  most  risk.  Part  of 
the  holdup  is  the  difficulty  of  defining  bill¬ 
ing  system  requirements  three  years  out,  as 
the  wireless  technology  standard  called  3G 
emerges.  “Right  now,  as  we  look  toward  that 
end  state,  there  are  more  unknowns  than 
knowns,”  Arroyo  says. 

Just  whittling  down  to  two  systems  was 
hard  enough.  Wireless  companies  have  liter¬ 
ally  thousands  of  rate  plans  (varying  by  type 
of  customer,  geography,  preferred  calling 
patterns  and  discounts,  and  many  other  vari¬ 
ables).  To  move  customers  from  a  given  leg¬ 
acy  system  to  the  Amdocs  application,  for 


example,  the  IT  group  looked  at  every  func¬ 
tion  point  and  every  rate  plan  in  the  old  sys¬ 
tem  to  ensure  they  were  accurately  repre¬ 
sented  in  the  target  platform.  Any  function¬ 
ality  gaps  were  closed.  Next,  IT  ran  identical 
data  through  both  systems  in  parallel,  and 
examined  the  output  discrepancies.  All  dis¬ 
crepancies  were  fixed  or  satisfactorily  ex¬ 
plained.  Next  came  massive  migrations  of 
customer  data  and  historical  account  data 
from  the  legacy  system,  which  took  place 
two  weeks  prior  to  the  actual  system  con¬ 
version  date.  After  a  final  “go/no  go,”  the 
changeover  occurred  when  IT  workers 
switched  all  agent  desktop  devices  from  the 
old  system  to  the  new.  (Even  then,  Cingular 
kept  its  legacy  systems  running  for  a  few 
months  after  conversion,  as  a  backup.)  In  a 
few  cases,  Arroyo  says,  the  changeover  date 
was  pushed  back,  for  example  when  call  cen¬ 
ter  agents  required  additional  training  before 
going  live  with  the  new  system.  But  delays 


It's  true!  The  numbers  are  in  and  it  all  adds  up.  Unicenter,  the 
global  leader  in  infrastructure  management  solutions,  can  deliver 
a  whopping  663%  ROI.  Just  ask  IDC.  It's  right  there  in  their 
recent  white  paper.  And,  because  Unicenter  is  now  modular,  you 
can  buy  just  the  pieces  you  need,  just  when  you  need  them. 
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663%  Return  on  Investment 
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usiness  oversight  of  the  call 
center  migration  undertaking 
went  all  the  way  to  the  top. 


were  brief  and  generally  Cingular’s  billing 
system  changeovers  have  gone  according  to 
schedule.  Easing  the  consolidation  challenge 
is  the  fact  that  all  applications  and  servers  are 
maintained  centrally  in  Cingular’s  two  data 
centers  (in  Atlanta  and  Dallas)  rather  than 
in  multiple  call  center  locations. 

NO  FLASH  CUTS 

Just  as  Cingular  followed  a  careful  process 
for  gradually  moving  from  one  billing  sys¬ 
tem  to  the  next,  the  company’s  move  from 
its  old  physical  locations  to  the  new  ones 
was  done  gradually  (rather  than  by  “flash 
cut,”  turning  one  center  off  and  the  other 


on  at  the  same  time).  Cingular’s  name  for 
this  gradual  movement  is  a  tumble. 

The  new  centers  are  located  in  less  cosmo¬ 
politan  areas:  Lubbock,  Texas;  Ashland,  Ky.; 
Ocean  Springs,  Miss.  Feidler  notes  that  loca¬ 
tion  decisions  are  critical.  Staffing  is  the  great¬ 
est  ongoing  cost  in  call  centers,  so  minimizing 
turnover  while  controlling  wages  is  vital  for 
efficient  operation.  Cingular  relied  heavily 
on  a  third-party  site  selection  outsourcer  to 
choose  its  new  locales.  Cingular’s  aim  was 
to  be  an  “employer  of  choice,”  yielding  high¬ 
er  job  satisfaction  for  its  agents  and  thus  for 
its  customers.  The  first  supercenters  were 
built  from  scratch,  but  for  speed  and  cost  rea¬ 


sons  the  later  additions  were  frequently  in 
abandoned  Kmarts  and  similar  facilities. 

Old  centers  were  kept  online  as  the  new 
ones  came  up,  with  calls  sent  to  one  or  the 
other  to  keep  the  load  balanced  between  the 
two  while  systems  were  tested,  new  employ¬ 
ees  were  trained  and  the  kinks  were  worked 
out  in  the  newly  opened  facility. 

That  gave  Arroyo  some  much  needed 
flexibility  when  inevitable  delays  came  up — 
sometimes  over  IT  issues,  sometimes  not.  He 
says  telecommunications  infrastructure 
proved  the  biggest  headache.  He  attributes 
those  challenges  not  to  telecom  provider 
problems  but  to  the  difficulty  of  anticipat¬ 
ing  Cingular’s  requirements  for  things  like 
phone  circuits. 

“What  makes  it  complicated  is  all  the  vari¬ 
ables — Do  you  have  your  power  supplies? 
Have  the  HVAC  requirements  been  met  so 
I  can  get  my  servers  in  the  room  on  time? — 
many  of  them  outside  the  control  of  the  IT 


All  while  still  enjoying  the  benefits  of  pay-as-you-go  licensing.  So  there's 
no  better  way  for  your  company  to  realize  its  true  potential.  And,  if  you're 
the  CIO,  there's  no  better  way  for  you  to  realize  yours. 

To  read  the  white  paper,  just  go  to  ca.com/unicenter/roi. 
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What  makes  call  center  consolidation 
complicated  is  all  the  variables— many  of  them 
outside  the  control  of  the  IT  department. 

-CIO  THADDEUS  ARROYO 


department,”  Arroyo  says.  Again,  the  grad¬ 
ual  tumbling  plan  provided  some  breathing 
room  even  as  Cingular  replaced  all  its  call 
centers  in  less  than  a  year. 

DON’T  STOP  THINKING 
ABOUT  TOMORROW 

While  Arroyo  and  company  aren’t  finished 
migrating  and  standardizing,  they  neverthe¬ 
less  are  moving  forward  with  other,  brand- 
new  IT  initiatives  as  well.  “Wireless  is  a  large 
business  that’s  very  complex  at  the  customer 
level,”  says  COO  Feidler.  “IT  in  the  long  run 


is  one  of  the  fundamental  opportunities  to 
differentiate  yourself.” 

One  key  project  on  tap  is  a  move  to  a 
global  routing  infrastructure,  which  will 
allow  Cingular  to  route  a  service  call  to 
whichever  call  center  is  best  equipped  to  han¬ 
dle  the  issue — even  if  the  caller  and  agent  are 
entirely  across  the  country  from  each  other. 

Another  project  is  the  construction  of 
knowledge  bases,  which  will  further  im¬ 
prove  the  speed  and  accuracy  with  which 
call  center  agents  answer  service  questions. 

Cingular  hired  10,000  call  center  employ- 
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LEARN  MORE:  For  insight  into 
Cingular’s  consolidation,  read  an 
interview  with  COO  Mark  Feidler  at 
www.cio.com/printlinks. 


ees  in  2001.  As  Feidler  puts  it,  “When  you’re 
bringing  together  10  or  11  companies,  it’s 
impossible  to  train  everyone  on  all  the  sub¬ 
tleties  overnight.”  So  Cingular’s  leadership 
team  is  excited  about  the  construction  of 
knowledge  bases,  which  will  give  contact 
center  reps  more  context  for  answering  con¬ 
sumer  inquiries  than  a  simple  script  can  pro¬ 
vide.  The  knowledge  bases  will  include  neu¬ 
ral  network  technology  for  intelligent  sort¬ 
ing  and  searching  of  the  information  most 
likely  to  be  relevant,  as  opposed  to  relying 
on  simple  keyword  searches.  The  underlying 
technology  is  from  Service  Ware  of  Oakmont, 
Pa.  Twenty-five  business  analysts  (not  from 
the  IT  group)  got  underway  early  this  year 
in  capturing  and  analyzing  Cingular’s  cus¬ 
tomer  interactions  to  start  building  the 
knowledge  bases,  which  will  also  be  accessi¬ 
ble  through  the  Web  for  customer  self-service. 

Cingular  (which  spent  all  that  media  blitz 
money  advertising  the  tagline  “Express  your¬ 
self”)  isn’t  very  expressive  when  it  comes 
to  revealing  metrics  and  cost  savings — for 
competitive  reasons.  But  Compass  America’s 
Pitasi  offers  an  interesting  cross-industry  per¬ 
spective  on  the  importance  of  systems  stan¬ 
dardization:  Studying  a  decade’s  worth  of 
banking  mergers,  Pitasi  found  that  companies 
that  “went  like  Sherman  through  Georgia” 
and  forced  acquired  companies  onto  stan¬ 
dard  systems  were  usually  able  to  continue 
to  grow,  while  those  that  left  disparate  sys¬ 
tems  in  place  after  an  acquisition  “were  later 
acquired  themselves,  almost  without  excep¬ 
tion.”  Since  Cingular’s  biggest  competitor, 
Verizon  Wireless,  has  undergone  a  similar 
consolidation  effort,  competitive  pressure 
alone  would  indicate  Cingular  has  taken  the 
right  approach  to  forging  its  business.  FgPl 


Executive  Editor  Derek  Slater  writes  about  integration. 
Send  him  your  merger  stories  at  dstater@cio.com. 
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To  get  the  most  out  of  the  IT  investments  you’ve  made  in  the  past,  you’ll 
have  to  integrate  them  in  the  future.  In  a  customer-focused,  e-business 
world,  you’ve  got  to  be  able  to  move  and  use  data  from  any  point  in  the 
value  chain  at  any  time.  Your  applications  must  work  together  and 
share  information  freely.  You’ll  need  both  technological  and  procedur¬ 
al  integration.  This  will  require  both  leadership  and  innovation. 

Please  join  us  at  the  Fourth  Annual  CIO  100  Symposium ®  &  Awards. 

■  Learn  how  this  year’s  CIO  100  Award  Winners  and  other  IT 
executives  have  structured  and  designed  their  integrated  enterprises 

■  Find  out  which  technology  innovations  will  transform  the  way 
business  gets  done 

■  Take  away  great  ideas  for  leading  your  own  business  into  an 
integrated  future 
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CIO  casts  a  skeptical 
eye  on  some  of  the  most 
talked  about  tech  trends 


Mi 
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Reader  ROI 

►  Learn  why  biometrics  is  still 
years  from  widespread  use 

►  Find  out  what  business  process 
outsourcing  really  means 

►  Determine  whether  collaboration 
tools  are  worth  the  effort 

►  Discover  how  a  computing  grid 
may  fit  into  your  future 

►  See  why  open-source  software 
is  gaining  respect— but  slowly 


, 


amazing  how  the  message  never 
changes.  Economy  good?  Buy  more  tech!  Economy 
bad?  Buy  more  tech!  The  sales  tactics  change  a  bit 
when  budgets  get  tight,  of  course.  But  you  can  bet  that 
a  bevy  of  tech  vendors  is  dying  for  a  chance  to  show 
you  their  latest  low-cost,  high-value  point  solution 
that  practically  guarantees  an  instantaneous  return  on 
investment  and  lower  total  cost  of  ownership. 

And  that  means  it’s  a  good  time  to  revive  CIO’s 
Five  Uneasy  Pieces.  Here  we  round  up  a  quintet  of 
hyped  technologies  and  give  you  the  lowdown  on  the 
problems,  how  the  vendors  hope  to  solve  them  and 
the  facts  behind  the  fiction.  Whether  you’re  contem¬ 
plating  biometrics,  business  process  outsourcing, 
collaboration  tools,  grid  computing  or  open-source 
software,  we  have  some  insights  to  share. 

-Christopher  Lindquist,  technology  editor 
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BIOMETRICS 


_ 1 


Security  at  Your  Fingertips 


Unlike  a  password 
or  key-card, 
users  never  forget 
their  fingers,  voices 
or  eyeballs. 

says  Chris  Christiansen,  program  vice  presi¬ 
dent  of  Internet  infrastructure  and  security 
software  at  IDC. 

And  while  biometrics  has  been  in  devel¬ 
opment  for  U.S.  and  European  governments 


/  BUSINESS  PROCESS  OUTSOURCING 


Take  My  Process,  Please 


The  Problem 

CIOs  realize  that  passwords  are  not  enough 
to  insulate  their  networks  from  hacks. 
Passwords  suffer  from  two  significant  prob¬ 
lems:  Interlopers  can  easily  guess  them,  and 
users  frequently  forget  them.  And  studies 
show  that  providing  the  support  necessary 
to  get  new  passwords  to  absentminded 
users  costs  as  much  as  $300  per  year  per 
employee. 

The  Hype 

Enter  biometrics.  Both  the  media  and  vendors 
have  been  showering  this  up-and-coming 
$119  million  market — which  consists  of  face, 
voice,  fingerprint,  hand  and  eye  recognition 
systems — with  oceans  of  attention,  accord¬ 
ing  to  Framingham,  Mass.-based  analyst  firm 
IDC  (a  sister  company  to  C/O’ s  publisher, 
CXO  Media).  And  unlike  a  password  or  key- 
card,  users  never  forget  their  fingers,  voices 
or  eyeballs. 

The  Facts 

Despite  the  hype,  Earl  Perkins,  an  analyst 
with  Meta  Group  in  New  Orleans,  says  it 
will  take  at  least  another  four  years  before 
biometric  security  solutions  become  main¬ 
stream. 

“If  you  want  millions  of  people  using  bio¬ 
metrics,  all  of  the  hardware  manufacturers 
and  all  of  the  software  developers  have  to 
agree  on  a  specific  programming  interface. 
They’ve  been  working  on  a  biometric  [pro¬ 
gramming  interface]  for  two  years  and  are 
nowhere  near  agreement,”  says  Perkins. 

But  the  biggest  challenge  to  biometrics 
becoming  the  mainstay  of  enterprise  secu¬ 
rity  is  also  the  biggest  headache  for  CIOs: 
the  logistics  and  cost  of  putting  a  biometric 
solution  on  every  desktop  and  laptop  in  the 
company. 

“You  have  to  recognize  that  having  an  IT 
person  install  the  hardware  and  the  software 
on  a  broad  scale  gets  to  be  very  expensive,” 


The  Problem 

You’ve  got  a  load  of  noncore  processes  that 
you’d  love  to  never  hear  about  ever  again. 
A  plethora  of  vendors  and  consultants  who 
are  billing  themselves  as  business  process 
outsourcers  are  eager  to  help. 

The  Hype 

If  your  core  business  is  developing  the  most 
irresistible  stuffed  animal  on  the  market, 
for  example,  why  waste  time  and  resources 
on  such  tangential  activities  as  accounts- 
receivable  processing  or  warehouse  admin¬ 
istration?  You  need  them  done,  but  it  might 
make  more  sense  to  let  an  expert  handle  the 
tasks.  Business  process  outsourcing  (BPO) 
is  the  hottest  thing  on  the  sourcing  scene 
right  now.  Gartner  in  Stamford,  Conn.,  pre¬ 
dicts  BPO  will  be  a  $300  billion  market  by 
2004.  And  if  you  punch  the  term  into  a 
search  engine,  vendors  boasting  of  BPO 


for  more  than  20  years,  it’s  still  not  perfect. 
Some  systems  are  still  difficult  for  humans  to 
use,  and  they’re  subject  to  error. 

While  substantial  challenges  remain, 
some  organizations  are  successfully  using 
biometrics  to  crack  down  on  fraud  and  safe¬ 
guard  sensitive  information.  For  example, 
two  nonprofit  hospitals  in  Washington,  D.C. 
(EMC  Medical  and  MedStar  Health),  use 
iris  scanning  technology  from  Moorestown, 
N.J. -based  Iridian  Technologies  to  control 
access  to  patient  data  and  restricted  areas 
of  the  hospital. 

“Since  we  put  in  our  current  system  back 
in  September,  I  have  not  seen  a  false  rejection 
on  anyone,”  says  Craig  Feied,  director  of 
informatics  for  emergency  services  at  EMC 
Medical  and  MedStar  Health.  “The  last 
thing  we  want  is  a  security  model  that  pre¬ 
vents  patients  from  getting  the  care  they 
need,”  he  says. 

-Meridith  Levinson 


prowess  will  literally  spill  off  the  page.  When 
you  really  look  at  what  BPO  is — engaging 
a  third-party  vendor  to  handle  an  internal 
process  you’d  rather  not  waste  time  and 
resources  doing  yourself — you  realize  it’s 
been  going  on  for  years.  Just  look  at  payroll 
processors  like  ADP.  So  what’s  the  big  deal 
about  BPO? 

The  Facts 

During  the  current  economic  slump,  busi¬ 
ness-starved  consultants  have — in  many 
cases — simply  relabeled  plain  old  outsourc¬ 
ing  in  order  to  hype  a  “brand-new”  prod¬ 
uct  for  themselves.  Worse,  BPO’s  definition 
is  often  so  broad  that  it  becomes  meaning¬ 
less.  “Depending  on  how  you  define  [BPO], 
it  can  represent  the  entire  economy,”  says 
Christine  Overby,  an  analyst  with  Forrester 
Research  in  Cambridge,  Mass.  For  exam¬ 
ple,  a  lot  of  companies  offer  “outsourced 
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logistics”  as  an  example  of  BPO.  But  com¬ 
panies  have  been  outsourcing  tasks  such  as 
outbound  logistics  for  years  to  companies 
such  as  FedEx  and  UPS.  Similarly,  when 
asked  to  provide  examples  of  BPO  com¬ 
monly  in  play  today,  John  Hagerty,  an  ana¬ 
lyst  with  AMR  Research  in  Boston,  included 
hiring  a  law  firm  to  handle  legal  matters 
instead  of  having  in-house  counsel. 

Others,  such  as  Jose  Cunningham,  man¬ 
aging  director  of  the  Outsourcing  Institute  in 


/  COLLABORATION 


The  Problem 

If  you’re  going  to  have  a  truly  integrated 
supply  chain,  one  that  allows  you  to  see 
your  partner’s  inventory  while  your  partner 
is  immediately  aware  of  the  demand  on  your 
end,  you  need  tools  to  facilitate  that  high 
degree  of  transparency  and  connectivity. 

The  Hype 

Collaboration  tools  are  becoming  a  standard 
piece  of  the  modern  Internet,  with  everything 
from  instant  messaging  for  individuals  to  col¬ 
laborative  workspaces  on  B2B  sites. 

In  theory,  collaboration  tools  and  prac¬ 
tices  allow  every  company  involved  to  ben¬ 
efit  from  their  business  partners’  product 
information — such  as  inventory,  price  and 
the  manufacturing  schedule. 

The  Facts 

Soviet  Communism  worked  in  theory,  and 
we  all  know  how  that  turned  out.  In  a  sense, 
collaboration — in  its  truest  cross-supply- 
chain  form — strives  for  business  commu¬ 
nism.  At  the  very  least  it  requires  companies 
to  give  up  their  greatest  competitive  advan¬ 
tages,  the  aforementioned  information  and 
knowledge.  And  that’s  assuming  that  the 
technological  hurdles  presented  by  a  com¬ 
pany’s  own  systems  can  be  overcome. 
Simple  collaboration  is  happening.  Jim 
Wicker,  vice  president  of  information  tech¬ 


Washington,  D.C.,  trim  the  definition  to 
include  only  IT-intensive  functions  or 
processes  like,  say,  benefits  administration, 
call  centers  and  contract  manufacturing.  But 
this  still  doesn’t  sound  like  anything  partic¬ 
ularly  unique.  In  any  event,  Gartner  Analyst 
Rebecca  Scholl,  who  views  BPO  as  a  dis¬ 
tinct,  expanding  market,  acknowledges  that 
a  lot  of  the  services  that  vendors  are  label¬ 
ing  BPO  don’t  fit  any  definition.  “Lots  of 
vendors  trying  to  reposition  as  BPO  pro¬ 


nology  for  Dynamex,  a  Dallas-based  same- 
day  transportation  company,  collaborates 
with  FedEx  and  other  shippers  through 
XML  connections  and  Web  interfaces.  It’s 
a  good  way  to  do  business,  but  Wicker  says 
that  anything  more  than  purchases  and 
orders  would  require  too  many  cultural  and 
business  process  changes  to  be  feasible.  And 
this  level  of  collaboration  is  an  option  only 
if  a  potential  collaborator  doesn’t  have 
information  trapped  in  legacy  systems.  If 
your  own  systems  aren’t  up  to  snuff,  “what 


The  Problem 

Most  companies  have  scores  of  servers  and 
desktop  systems  that  sit  idle  much  of  the 
time.  What  a  waste!  Why  not  put  those 
unoccupied  processors  to  use  on  some  of 
your  biggest  computing  problems? 

The  Hype 

IBM,  Sun  and  other  major  vendors  are  all 
abuzz  about  grid  computing.  The  basic  idea 
of  grid  (a.k.a.  “distributed  computing”  in  its 
previous,  more  academic  incarnation)  is 
this:  Tie  many  small  computers  together 


viders  are  just  doing  IT  outsourcing,”  she 
says.  “They’re  providing  an  application. 
They’re  not  really  responsible  for  a  process.” 

So  what’s  the  take-away  for  CIOs?  There’s 
a  definite  payoff  in  engaging  in  many  activ¬ 
ities  that  have  been  labeled  business  process 
outsourcing.  But  don’t  go  looking  for  a  busi¬ 
ness  process  outsourcer — just  define  the  spe¬ 
cific  process  you  want  handled,  and  then 
find  someone  who  can  handle  it  for  you. 

-Eric  Berkman 


is  the  point?  Why  should  I  open  my  kimono 
and  show  you  my  data  when  I  know  that 
my  data  isn’t  any  good?”  says  Andy  Macey, 
vice  president  of  supply  chain  for  consul¬ 
tancy  Sapient  in  Cambridge,  Mass. 

Even  if  your  data  is  in  an  easily  exchange¬ 
able  form,  it  probably  isn’t  in  an  industry¬ 
wide  standard  format.  Without  standards, 
suppliers  have  to  tailor  their  data  to  each 
business  partner.  And  even  if  they  could  do 
that,  letting  their  customers  know  how 
much  they  paid  for  a  certain  product,  or 
how  much  they  have  in  stock,  flies  in  the 
face  of  accepted  business  practices. 

-Ben  Worthen 


and  use  them  as  a  sort  of  supercomputer. 
Biotech  and  animation  companies — both  of 
which  require  massive  computing  firepower 
for  gene  sequencing  and  scene  rendering, 
respectively — report  early  successes  with 
grid  technology. 

In  the  long-term  grid  vision,  users  will  be 
able  to  harness  grid-computing  power  even 
outside  their  firewalls.  Businesses  will  plug 
into  the  grid  and  tap  that  power — and  pay 
for  it — only  as  needed,  just  like  electricity. 
Throw  the  light  switch  on,  the  juice  starts 
flowing  and  the  meter  starts  running.  Turn 


So  (Un)Happy  Together 


GRID  COMPUTING 
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Grid  and  Bear  It 


112  CIO  MAY  1,  2002  •  www.cio.com 


Mind-Boggling  Performance. 


Meet  the  Passport 
8600  Routing  Switch. 

Let's  talk  performance  -  with  scalability  up  to  128  Gbps  of 
switching  capacity  and  penalty-free  QoS,  all  wrapped  up  in  a 
fault-tolerant  chassis,  we’re  talking  some  serious  hardware. 
Couple  that  with  a  variety  of  10/100,  Gigabit  Ethernet,  Packet 
over  SONET  and  ATM  ports  and  Nortel  Networks™ 
you  begin  to  see  why  were  so  is  a  Global  Leader  in  L2-7 
passionate  when  we  talk  about  Ethernet  Switching 
delivering  world-class  high  performance  LAN/MAN/WAN 
connectivity  for  Enterprise  networks.  From  the  physical  to  the 
logical,  we've  designed  all  aspects  of  this  product  to  be  easy  to 
install,  operate  and  maintain.  It’s  designed  to  provide  protection 
strategies  at  multiple  levels  to  deliver  99.999%  reliability.  And 
talk  about  flexible  -  the  Passport™  8600  is  available  in  a  3-slot 
chassis  for  small  Enterprise  networks;  a  6-slot  chassis  designed 
for  backbones  in  which  space  is  at  a  premium  and  lower  density 
is  desired;  and  a  10-slot  chassis  designed  for  backbones 
that  need  the  highest  levels  of  availability  and  scalability. 
The  possibilities  are  mind-boggling.  To  learn  more  about  the 
Ethernet  switching  capabilities  Passport  8600  enables,  visit 
nortelnetworks.com/passport8600. 

Nortel  Networks,  the  Nortel  Networks  logo,  the  Globemark  and  Passport  are  all  trademarks  of  Nortel  Networks.  ©2002 
Nortel  Networks.  All  rights  reserved.  ‘Dell'Oro  report,  4Q'01. 


IT  Trends 


the  switch  off,  the  meter  stops.  No  more 
wasted  capacity. 

The  Facts 

Critics  of  grid  computing  point  out  that 
interenterprise  grids  face  considerable  secu¬ 
rity  hurdles  (see  “Power  Pool,”  Emerging 
Technology,  April  1,  2002).  However,  most 
companies  will  aim  to  build  internal  grids 
first,  using  only  the  resources  behind  their 
firewalls.  Even  there,  most  enterprises  will 
have  to  wait  for  the  maturation  of  another 
emerging  technology — Web  services — before 
grids  can  hit  the  mainstream. 

The  reason  is  simple:  Most  applications 


were  not  written  to  run  in  a  distributed  man¬ 
ner.  “Applications  are  the  number-one  bar¬ 
rier,”  says  Songnian  Zhou,  CTO,  chairman 
and  cofounder  of  Markham,  Ontario-based 
grid  vendor  Platform  Computing.  “Every 
time  you  shift  architecture — mainframe  to 
PCs  [for  example] — the  apps  you  are  going 
to  use  were  designed  before  this  era.”  In  fact, 
the  inability  to  break  monolithic  business 
applications  into  bite-size  pieces  is  one  of 
the  hurdles  that  has  kept  the  oft-promised 
mainstream  arrival  of  massively  parallel 
computing  hardware — which  effectively 
does  in  one  machine  what  a  grid  does  across 
many — out  of  the  mainstream  for  decades. 


Meta  Group  Service  Director  Nick  Gall 
says  there  is  progress.  Web  services  offers  a 
promising  attempt  at  making  applications 
more  granular  (see  “Make  Way  for  Web 
Services,”  at  www.cio.com/arcbive).  David 
Knight,  vice  president  of  applications  and 
business  services  at  Portera,  a  Web  services 
hosting  company  in  Campbell,  Calif.,  says 
that’s  simply  because  developers  are  writing 
new  applications  from  the  ground  up  with 
the  distributed  processor  model  in  mind. 
Still,  it  will  take  some  time — perhaps  a  cou¬ 
ple  of  years — for  the  vendors  to  recast 
today’s  commercial  off-the-shelf  software 
into  a  grid-friendly  mold.  -Derek  Slater 
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Open?  For 

The  Problem 

Windows  is  expensive;  Microsoft  is  a  mono¬ 
poly  (some  say);  Redmond  makes  apps  for 
the  enterprise,  but  not  your  enterprise. 

The  Hype 

Linux  has  gained  ground  owing  to  well- 
publicized  installations  at  companies  such  as 
Cendant,  Dominion  Resources  and  Schlum- 
berger,  plus  backing  from  heavyweight  ven¬ 
dors  including  IBM.  Who  knows  what  else 
open-source  software  can  do  for  you? 

The  Facts 

It’s  very  difficult  to  find  anyone  who  criti¬ 
cizes  the  technical  quality  of  Linux.  By  all 
reports,  it’s  at  least  as  scalable  and  secure  as 
Windows — if  not  significantly  more  so. 
Nevertheless,  Linux  still  has  a  big  hurdle  to 
jump  before  it  gets  beyond  niche  status  in 
corporate  America.  The  hurdle  isn’t  techni¬ 
cal — it’s  perceptual. 

cio.com _ 
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business? 

“There  is  a  sort  of  stigma”  attached  to 
open-source  software  in  the  more  conserva¬ 
tive  corners  of  the  business  world,  says 
Michele  Rosen,  program  manager  at  IDC. 
“In  today’s  world,  where  people  have  so 
much  information  to  process,  preconcep¬ 


tions  can  be  a  detriment,”  adds  Rosen  (who 
speaks  positively  about  the  actual  quality  of 
the  software). 

In  fact,  the  most  commonly  touted  ben¬ 
efits  of  open  source  (it’s  cheap — and  you 
can  modify  the  code)  are  precisely  what 
creates  the  poor  perception  in  some  cor¬ 
ners.  Modifying  or  extending  an  operating 
system  is  the  last  thing  most  CIOs  want  to 
do.  Actually,  it  is  a  bit  of  a  red  herring  for 
conservative  companies  who  mistakenly 


think  that’s  the  major  selling  point  for 
open  source.  The  real  advantage  comes 
from  the  communal  development  process, 
which  has  yielded  good,  efficient  code. 

Apache’s  open-source  program  has  sur¬ 
mounted  the  perception  problem,  account¬ 
ing  for  more  than  half  the  Web  servers  in 
use  today,  according  to  oft-cited  statistics 
compiled  by  Netcraft  ( www.netcraft.com ). 


But  sneaking  a  bit  of  open-source  software 
into  the  Web  admins’  server  farm  has  proven 
easier  than  getting  onto  the  servers  and  desk¬ 
tops  running  the  ERP  system.  It’s  a  task  that 
Linux  should  prove  equal  to,  given  time,  but 
the  adoption  rate  continues  to  lag  behind 
the  hype.  -D.S. 


If  you  have  your  own  candidates  for  overhyped 
technologies  or  processes,  tell  Technology  Editor 
Christopher  Lindquist  at  ctindquist@cio.com. 


The  most  commonly  touted  benefits  of  open 
source  (it’s  cheap— and  you  can  modify 
the  code)  are  precisely  what  creates  the  poor 
perception.  Modifying  an  operating  system  is 
the  last  thing  most  CIOs  want  to  do. 
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They  K 

_  J  ^  r 


Next  Summer 

/ r  I  17  T  T  )  Retailers  are  looking  to  rc 
y  JL  i  1C  V  I  1U  LJt./  technologies  to  find  uptic 


Uurmg  tne  Doom-Doom  ivvus, 

the  California  casual  dress  style,  popularized  by  legions  of 
silicon-collar  workers,  conquered  corporate  America.  Cadres  of 


Bill  Gates,  among  others,  appearing  on  TV  looking  very  chino. 
And  San  Francisco-based  clothing  retailer  Gap  led  the  charge  to 
outfit  them  all. 

Sales  rose  (besting  $13.6  billion  in  fiscal  2000,  up  from  $1 1  bil¬ 
lion  in  1999)  as  Gap  opened  Old  Navy,  took  its  Gap  and  Banana 
Republic  brands  global  and  entered  the  Web  channel.  But  it  turned 
out  that  keeping  up  with  demand  patterns,  planning  the  merchan¬ 
dise  mix  in  all  those  stores  (now  more  than  4,100  under  three 
brand  names)  and  determining  when  stores  should  receive  ship¬ 
ments  was  a  nightmarish  task.  Gaps  sales  continued  to  grow  with 
its  number  of  outlets  into  2001,  but  net  income  dipped  last  fall  as 
the  economy  entered  tougher  times,  and  red  ink  dripped.  Gap 
posted  an  $8  million  net  loss  for  2001,  and  said  it  would  close 
distribution  centers  in  Kentucky  and  Holland. 

a  a  a  ^  ^  i  t*  i  i  r  r  i 


Reader  ROI 


Understand  retailers’ 
struggle  to  improve  sales 
forecasts  using  IT 

Read  how  Sears  uses 
long-range  weather  reports 
to  stock  shelves 

See  how  retailers  use 
pricing  tools  to  sell 


cation,  pricing  and  optimization,”  says  Ken  Harris,  Gap’s  CIO. 
i  The  retail  industry  has  always  been  ripe  for  good  forecasting 


for  the  thousands  of  products  mass 
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merchants  carry,  the  myriad  stores  they  oper¬ 
ate,  the  impact  of  promotions  on  sales  and 
the  problems  merchants  can  encounter  with 
suppliers. 

Retailers  have  collected  vast  amounts  of 
point-of-sale  data  in  data  warehouses  for 
years,  but  they  haven't  had  the  means  to 
apply  it  effectively  to  their  planning  and  buy¬ 
ing  because  up  until  a  few  years  ago,  no 
computer  or  software  application  could 
process  all  of  that  data.  The  forecasting 
applications  available  today  offer  retailers 
better  results  because  they  incorporate  more 
than  just  historical  sales  into  their  forecasts. 
Technology  that  in  the  past  would  generalize 
inventory  needs  across  many  stores  now 
allows  big-chain  retailers  such  as  Federated 
Department  Stores  to  make  sophisticated 
decisions  about  the  needs  of  each  of  their 
outlets.  “These  new  methodologies  scale  to 
handle  much  higher  volumes  of  store  SKU 
[stock  keeping  unit]-level  forecasts,  and 
they’re  also  able  to  take  into  consideration 
a  broader  range  of  causal  factors,  such  as 
price,  consumer  response  and  the  promo¬ 
tional  context  of  a  sale,”  says  Greg  Girard, 
vice  president  of  retail  application  strategies 
for  Boston-based  AMR  Research. 

That’s  not  to  say  there’s  a  fresh,  clear  path 
to  profits  in  that  traditionally  brutal  mar¬ 
ket.  In  fact,  Bob  Muller,  vice  president 
of  inventory  management  at  KB  Toys  in 
Pittsfield,  Mass.,  says  a  new  planning  sys¬ 
tem  that  better  spells  out  the  needs  of  each  of 
his  company’s  1,400  stores  has  definitely 
improved  the  allocation  of  merchandise.  But 
external  factors,  such  as  consumer  confi¬ 
dence  declining  after  the  Sept.  1 1  terrorist 
attacks,  can  make  tabulating  the  benefits  of 
forecasting  a  tough  task.  “With  the  recent 
events  [of  Sept.  11],  it’s  obviously  much 
more  difficult  to  measure  the  impact  on  sales 
from  the  [calculations  about]  our  inventory 
that  we’ve  done,”  he  says. 

Still,  in  a  downturn,  forecasting  technolo¬ 
gies  are  vital  tools  for  retailers  looking  to 
stock  their  shelves  to  meet  reduced  demand. 
They  help  stores  and  warehouses  carry  less 
inventory  and  thus  incur  fewer  costs.  As 
the  strategic  investments  by  Federated,  Gap, 


Sears  and  others  demonstrate,  retailers  are 
digging  in  to  fight  for  long-term  gains.  (For 
more  on  dealing  with  overstock,  see  “Every¬ 
thing  Must  Go!”  Page  120.) 

Filling  in  Gaps 

AT  GAP,  CORPORATE  BUYERS  DID  NOT  HAVE  A 
forecasting  engine  to  crunch  sales  data  and 
help  predict  how  many  boot-cut  jeans  to 
buy  or  how  many  would  sell.  Instead,  Gap’s 
planners  and  buyers  had  to  gather  current 
and  past  sales  information  from  different, 
siloed  planning  and  allocation  systems  and 
analyze  it  on  their  own — a  slow  and  tedious 
activity — to  determine  what  to  buy,  how 


much  to  buy  and  when  clothes  should  arrive 
at  stores.  Often  data  was  duplicated  among 
those  different  systems,  which  affected  the 
accuracy  of  their  forecasts  and  decisions. 

Harris,  Gap’s  CIO  since  September  1999, 
says  he  recognized  that  the  planning  and 
optimization  tools  used  by  airlines  could  help 
his  company.  His  search  for  a  system  robust 
enough  to  handle  all  of  the  sales  data  from 
Gap’s  4,000  outlets  took  until  March  2001, 
when  Gap  began  implementing  planning  and 
forecasting  applications  from  Minneapolis- 
based  Retek,  a  retail  software  vendor.  Harris 
expects  to  be  fully  up  and  running  on  a  mer¬ 
chandise  planning  and  forecasting  system  as 
well  by  the  end  of  2002. 

“We  needed  this  ability  to  plan  and  fore¬ 
cast  in  the  same  tool,  have  visibility  into  our 
end-of-season  and  preseason  planning,  our 
inventory  position,  and  be  able  to  match  that 
up  very  quickly  to  our  receipt  planning 
and  make  adjustments  [as  necessary],”  says 
Diane  Silver,  Gap’s  vice  president  of  IT. 

With  the  system  from  Retek,  Gap  will 


have  a  common  set  of  tools  for  all  activities 
across  all  divisions.  It  will  integrate  preseason 
planning  activities  such  as  determining  how 
many  faux-fur  denim  trench  coats  to  stock 
in  New  York  City  stores  with  end-of-season 
activities  such  as  clearance  pricing.  The  tools 
also  will  help  planners  gauge  shoppers’  reac¬ 
tion  to  repricing  items  and  speeding  up  or 
slowing  down  shipments  of  clothes,  accord¬ 
ing  to  Michael  Barrie,  Gap’s  vice  president 
of  planning  and  forecasting  systems. 

And  the  new  system  will  give  merchants 
and  planners  visibility  into  each  other’s  plans, 
into  item-level  and  class-level  forecasts,  and 
into  the  financial  pulse  of  the  business,  says 


Barrie.  He  says  that  having  that  visibility  will 
help  merchants  and  planners  make  better 
decisions  about  what  to  allocate,  when  to 
mark  down  and  how  much  to  mark  down. 

“Every  item  in  a  store  is  an  investment,” 
says  Barrie.  “Given  the  size  of  our  company, 
those  are  very  sizeable  investments,  and  we 
want  to  get  the  best  possible  return  on  each 
of  those  investments,”  he  says.  So  if  stores 
receive  shipments  too  soon,  then  clothes 
remain  on  shelves  longer  and  the  company’s 
inventory  costs  climb  while  its  return  on 
inventory  investment  decreases.  “The  better 
you  can  make  [shipments]  just-in-time,  the 
higher  your  gross  margin  return  on  your 
inventory  investment  [will  be],”  says  Barrie. 
Silver  says  the  new  system  will  forecast  at  a 
very  detailed  style-color  level  based  on  a 
whole  series  of  factors  such  as  how  fast  an 
item  sells,  the  date  it  gets  put  on  a  shelf  in  a 
store  and  seasonal  sales  patterns. 

Having  an  integrated  system  with  “a  sin¬ 
gle  version  of  the  truth,”  she  says,  will  let 
merchants  and  planners  focus  on  decision 


Sears’s  weather  forecast  said 
less  snow.  Result:  fewer 
winter  coats  on  the  rack. 
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WORLD'S  THINNEST  NOTEBOOK 


MORE  INNOVATION  PER  OUNCE  THAN  ANy  OTHER  WIRELESS  NOTEBOOK. 


Introducing  the  new 
Portege®  2000  with 
Mobile  Intel®  Pentium®  III 
Processors  and 


The  New  Portege  2000  is  more  than  just  a  breakthrough  in  notebook  design.  It's  proof 
once  and  for  all  that  performance  does  not  have  to  be  compromised  by  portability.  Weighing 
just  2.6  lbs.  and  0.6  inches  thin,  the  new  ultra-slim,  ultra-light  Portege  can  easily  be  carried  just 
about  anywhere.  And  with  the  power  of  Windows  XP  Professional  —  the  best  choice  for  mobility 
and  security,  not  to  mention  fully  integrated  Wi-Fi  Wireless  LAN  —  you're  free  to  bring  your  office 


Microsoft®  Windows®  XP 


virtually  anywhere.  If  it's  innovations  you're  looking  for,  check  out  the  industry's  smallest  20  GB 


Professional  -  the  ultimate 
traveling  machine. 


HDD.  The  new  12.1  inch  TFT  poly-silicon  display.  The  long-life  Lithium-Ion  Polymer  battery 
technology.  And  the  power-saving  Mobile  Intel  Pentium  III  Processor  -  M.  The  Portege  2000  is 
just  the  kind  of  innovation  you'd  expect  from  Toshiba.  Minds  on  the  move. 


Portege  2000  Portable 


Perfect  balance  of  ultraportability  and  performance 


Incredibly  Thin 


Incredibly  Light 


8  Powerful  Mobile  Intel  Pentium  III  Processor  -  M,  750  MHz 

■  No  compromise  connectivity:  integrated  Wi-Fi,  fast  IR,  ethernet  LAN, 

Modem,  industry  standard  RGB  port,  2  x  USB 

■  No  compromise  expandability:  plug  and  play  Slim  Port  Replicator,  SD  card  slot  and  PC  card 
8  Ultra-thin  PC  -  2.6  lbs.1  and  0.6  inches  thin 

8  20  GB  Hard  Disk  Drive2 

8  12. 1  inch  brilliant  TFT  poly-silicon  display  and  keyboard  with  full-width  keycaps 
8  Up  to  6.5  hours  battery  life  with  included  High  Capacity  Battery3 
8  Windows  XP  Professional  -  the  best  choice  for  mobile  computing 


TOSHIBA 


kjfj; 

pentium 

3 

Toshiba  PC’s  use  genuine  Windows®  Operating  Systems 
www.microsoft.com/piracy/howtotell 


1.  With  primary  battery.  2.  GB  means  one  billion  bytes.  3.  Battery  life  may  vary  depending  on  applications,  power  management  settings  and  features  utilized.  Recharge  time  varies  depending  on  usage. 
©2002  Toshiba  America  Information  Systems,  Inc.  Portege  is  a  registered  trademark  of  Toshiba  America  Information  Systems,  Inc.  Intel,  the  Intel  Inside  logo  and  Pentium  are  trademarks  or  registered 
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countries.  All  other  products  and  names  mentioned  are  the  property  of  their  respective  owners.  All  specifications,  software,  prices,  and  availability  are  subject  to  change.  All  rights  reserved. 
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making  rather  than  gathering  information 
from  disparate  systems.  Also,  merchants  and 
planners  entering  the  system  through  soft¬ 
ware  on  their  desktops  will  be  able  to  see  the 
current  status  of  each  others’  plans  and  fore¬ 
casts.  That  visibility,  says  Barrie,  will  lead  to 
better  collaboration  and  decision  making. 

“It  won't  help  us  pick  better  product,” 
says  Barrie  of  the  system.  After  all,  buyers 
still  have  to  have  a  keen  sense  of  what’s  hip. 
“But  it  will  facilitate  more  efficient  decision 
making,”  he  adds. 

Better  Than  Your  Average 
Meteorologist 

TOUGH  TIMES  HIT  SEARS,  ROEBUCK  &  CO. 
last  October.  The  115-year-old  company 
laid  off  4,900  workers  and  announced  it 


would  change  the  layouts  of  its  stores  to  bet¬ 
ter  compete  with  discount  retailers.  The 
company’s  2001  revenues  were  down 
3.6  percent  from  the  previous  year.  Sears’s 
CEO  Alan  Lacy  promised  to  double  his 
company’s  profitability  during  the  next  three 
years  and  reduce  costs  by  $600  million  by 
ameliorating  order  management,  using  retail 
and  warehousing  space  more  efficiently,  and 
by  improving  inventory  controls.  A  weather 
forecasting  application  will  play  a  critical 
role  in  executing  Lacy’s  strategy. 

Since  1995,  Sears,  based  in  Hoffman 
Estates,  Ill.,  has  received  long-range  weather 
forecasts  from  Planalytics,  a  Wayne,  Pa.,  soft¬ 
ware  vendor.  Those  reports  complement 
other  traditional  planning  methods  such  as 
economic  forecasts,  company  decisions  about 


new  or  discontinued  products,  store  open¬ 
ings  and  closings,  and  competitors’  moves. 

The  weather  becomes  an  important  data 
point,  says  Jonathan  Rand,  director  of  mer¬ 
chandise  planning  and  reporting  at  Sears.  “If 
the  weather  impacts  traffic  in  the  store,  it’s 
going  to  impact  your  business,”  he  says.  Sears 
has  added  to  its  weather  forecasts  from 
Planalytics,  a  Web-enabled  decision  support 
tool  from  the  same  company  that  helps  the 
retailer  determine  what  actions  to  take  to  pre¬ 
vent  overstocks  and  understocks  based  on  the 
forecasts. 

Lor  instance,  when  Sears  did  its  inventory 
planning  for  December  2001,  it  took  into 
consideration  that  Planalytics  had  predicted 
that  month  to  be  warmer  than  normal  in 
the  Northeast.  Indeed,  during  early  De- 


ShopKo  CIO 
Paul  Burrows 


rice  optimization  technology  helps  ShopKo  move  slow-selling  stuff 


EVEN  WITH  ROBUST 
Forecasting  applications,  retail 
managers  live  with  the  knowl¬ 
edge  that  not  every  decision 
will  be  a  winner.  So  what  to  do 
when  left  with  all  those  winter 
hats,  mittens  and  scarves? 
in  July  2000,  Green  Bay, 


says  ShopKo  CIO  Paul  Burrows. 

Every  season,  ShopKo’s  141 
stores  are  left  with  excess  sea¬ 
sonal  merchandise  that  they 
relegate  to  the  clearance  aisle. 
The  stores  have  a  date  by 
which  they  must  sell  all  of  the 
merchandise  so  that  they  can 


A  feeds  the  application 
weekly  sales  data  by 
store  and  by  item  from 
its  merchandise  data  ware¬ 
house.  The  application  pro¬ 
cesses  the  sales  effect  of  its 
past  markdown  recommenda¬ 
tions  and  bases  future  recom- 


vidual  store  level, 

Burrows  says.  They 
might  start  with  a 
25  percent  discount  on 
swimwear,  then  three  weeks 
later  take  a  40  percent  reduc¬ 
tion,  then  60  percent  until  the 
last  bikini  was  gone.  It  cost 


Wis.-based  ShopKo  Stores 
began  piloting  Markdown 
Optimizer,  a  price  optimization 
application  from  Spotlight 
Solutions  in  Mason,  Ohio.  The 
idea:  Determine  the  price  at 
which  slow-moving  discounted 
goods  will  sell  while  still  mak- 


make  room  for  new  products. 

Burrows  says  the  goal  with 
clearance  merchandise  is  to 
get  rid  of  the  goods  without 
giving  them  away.  “The  more 
you  sell  during  the  first  mark¬ 
down,  the  fewer  are  left  even  if 
you  do  have  to  take  a  second 


ShopKo  18  cents  every  time  a 
store  clerk  marked  a  new  price, 
according  to  Burrows. 

Furthermore,  the  company 
was  taking  those  markdowns 
on  merchandise  across  the 
entire  chain,  regardless  of 
whether  the  goods  were  actu- 


mendations  on  that  data. 

ShopKo  saw  a  24  percent 
increase  in  its  gross  margin 
dollars  on  the  clearance  items 
it  tracked  during  the  pilot. 
That’s  better  than  Burrows 
expects  to  see  with  a  wider 
rollout.  “We’d  be  happy  if  we 


ing  a  profit. 


markdown,”  he  says. 


ally  selling  in  individual  stores.  were  in  the  10  to  15  percent 


“Retailers  tend  to  get  hit 
arder  when  there’s  a  turn- 
own  in  the  economy.  When 
hat  happens,  there’s  a  re¬ 
newed  focus  in  looking  under 
every  stone  for  ways  we  can 
optimize  what  we  have  today,” 


In  the  past,  planners  and 
buyers  took  on  average  four 
markdowns  on  apparel  because 
they  based  their  reductions  on 
how  similar  products  sold  on 
clearance  across  the  entire 
chain  rather  than  at  the  indi- 


That  reduced  the  company’s 
margins  on  that  merchandise 
even  more. 

Though  not  perfect  in  its  rec¬ 
ommendations,  Markdown 
Optimizer  is  a  lot  more  scien¬ 
tific.  Burrows  says  ShopKo 


range,”  he  says.  A  15  percent 
increase  in  gross  margin  would 
mean  adding  up  to  $15  million 
to  the  bottom  line  on  sales  of 
$100  million  worth  of  clearance 
items.  And  that  adds  up  to  a  lot 
of  mittens  and  gloves.  -M.L. 
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Business  Networks" 


Be  one  of  the  first  100  to  mail  or  fax  this 
completed  coupon  or  contact  APC  and  you 
will  receive  a  FREE  APC  Multiple  Outlet  Rack- 
mountable  Strip!  All  entrants  will  receive  APC's 
"Solutions  for  Business  Networks".  Better  yet, 
enter  today  at  the  APC  Web  site! 
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Legendary  Reliability1" 
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APC,  the  name  you  trust  for  power  protection,  also 
offers  a  comprehensive  line  of  non-proprietary  racks, 
rack  accessories  and  management  tools  that  provide 
you  with  the  flexibility  to  implement  a  highly  available, 
multi-vendor  environment.  APC  allows  you  to  create 
a  rack  environment  with  the  level  of  availability  you 


Look  for  these  other  great 
rack  accessories  from  APC 


Fixed  and  Sliding  Shelves 
Cable  Management  Shelves 
Fans 

Keyboards/Keyboard  Drawers 
Stabilization  Kits 
Power  Distribution  Units 


Visit  www.apc.com 
for  more  information! 


APC:  UPSs  and  So  Much 


require,  and  provides  you  with  the  accessories  and 
management  tools  to  maintain  that  level  of  availability 
over  time.  Our  expert  Configure-to-Order  Team  can 
custom  tailor  a  complete  rack-mount  solution  to  suit 
your  specific  requirements.  Contact  APC  today  and 
protect  your  rack  application  with  Legendary  Reliability'" 


Air  Distribution  Unit 


A  unique  2U  rack-mounted  fan  tray  unit  that  connects  into  raised 
floors  and  pulls  conditioned  air  directly  into  the  enclosure 

•  Dual  fans  provide  increased  airflow  needed  to  cool  densely  packed  equipment 

•  Improves  air  delivery  in  poor  static  pressure  areas 

•  Enhances  air  quality  to  rack  equipment  by  providing  30%  efficient  filtration 

•  Adjustable  depth  to  fit  most  leading  enclosures 


NetShelter®  VX  Enclosures 


Next  generation,  high-quality  enclosures 

•  Fully  ventilated  front  and  rear  doors  with  enhanced  ventilation  pattern  maximize  airflow 

•  Overhead,  base  and  side  cable  access  provide  easy,  integrated  cable  management 

•  Rear  Cabling  Channel  (42"-deep  versions  only)  allows  for  easy  installation, 
access  and  serviceability  of  both  data  cables  and  power  distribution 

•  Available  in  multiple  configurations:  35.5"-deep,  42"-deep,  beige  or  black 


NetShelter®  Open  Frame  Racks 


Economical  open  frame  solutions  for  wiring  closets  and  data  center 
networking  applications 

•  Designed  to  accommodate  networking  devices  such  as  hubs,  routers  and  switches 

•  Industry  standard  7-high  design  provides  45U  of  equipment  mounting  space 

•  Self-squaring  design  allows  one-person  assembly 

•  Made  of  high-strength  6061 -T6,  structural-grade  aluminum 


MasterSwitch™  Series 


Remote  power  distribution  for  network  administrators 

•  Users  can  configure  the  sequence  in  which  power  is 
provided  to  individual  receptacles  upon  start-up 

•  Built-in  Ethernet  interface  for  direct  connection  to  LAN 

•  Individually  control  8  on-board  power  outlets  for 
complete  and  flexible  management  of  attached  equipment 


APC  MasterSwitch w  VM 
shown  mounted  inside  a 
NetShelter  VX 


KVM  Switches 


Server  switches  designed  to  increase  system  availability  and  manageability 

•  4  and  8-port  models  available:  expandable  to  support  up  to  64  servers 

•  Models  available  that  support  Sun,  USB  and  PC  servers  simultaneously 

•  Built-in  scanning  feature  allows  you  to  automatically  monitor  your 
computers  without  intervention 

•  On  Screen  Display  (OSD)  functionality,  advanced  security  features 


ProtectNet® 


Data  line  surge  suppressors  for  comprehensive  network/PC  system  protection 

•  Protects  against  surges  and  electrostatic  discharge  traveling  through  data  lines 


LCD  Monitors 


High  quality  rack-mount  LCD  monitors  designed  to  maximize 
space  in  a  data  center  environment 

•  Provides  optimal  functionality  while  utilizing  only  1 U  (1 .75")  of  rack  space 

•  Includes  15"  LCD  monitor,  integrated  keyboard  and  integrated  pointing  device 

Cables 


APC  offers  a  comprehensive  line  of  cables  and  connectivity  solutions  to 
fulfill  the  connectivity  requirements  of  any  application  or  environment 
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To  order.  Visit  http://promo.apc.com  Key  Code  e812y 


FREE  APC  Multiple  Outlet  Rack-mounted 
strip  for  the  first  1 00  entrants! 

Call  888-289-APCC  x6388 


All  entrants  will  receive 
APC's  "Solutions  for 
Business  Networks" 

Pax  401-788-2797 


Legendary  Reliability 
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Forecasting  Technology 


cember  in  Boston,  temperatures  reg¬ 
istered  in  the  70s.  Planalytics  also 
suggested  that  the  milder  weather 
would  have  a  negative  impact  on  the 
sale  of  winter  coats.  To  mitigate  that 
risk,  Rand  says,  Sears  decided  not 
to  buy  as  many  heavy  coats  in  order 
to  avoid  taking  markdowns  at  the 
end  of  the  season.  He  says  the 
company  also  decided  to  change  its 
assortment  from  heavy-weight  wool 
coats  to  lighter-weight  leather  coats. 

Rand  says  that  Sears  cut  back  on 
its  inventory  buys  because  of  the 
weather  forecast.  Although  topline 
revenue  suffered  as  a  result  of 
those  scale-backs,  Sears’s  carrying 
costs  were  lower  because  it  was 
holding  less  inventory.  “Our  over¬ 
all  profitability  was  better  because 
we  didn’t  have  a  lot  to  mark 
down,”  he  says. 

Merchandise  planners  also  real¬ 
ized  that  the  mild  December 
weather  would  negatively  impact 
the  sale  of  snowblowers,  an  item 
the  retailer  sold  out  of  during  the 
winter  of  2000.  To  boost  snow¬ 
blower  sales,  Sears  advertised  zero 
percent  interest  rates  for  six  months 
on  snowblowers  on  the  front  page 
of  its  Sunday  circular  during 
September.  Sears  bet  that  con¬ 
sumers  would  remember  the  previ¬ 
ous  winter  and  that  they  wouldn’t  want 
to  be  left  in  the  cold  sans  snowblower. 
They  were  right.  Snowblowers  were  the 
top-selling  hardware  item  that  month. 

In  the  past,  buyers  used  the  average  num¬ 
ber  of  air  conditioners  Sears  sold  during  a 
particular  month  in  previous  years  to  deter¬ 
mine  how  many  air  conditioners  to  buy  for 
the  current  year.  Then  they’d  look  at  the  fed¬ 
eral  government’s  long-range  weather  fore¬ 
cast  or  the  Farmer’s  Almanac  to  get  a  sense 
of  how  the  weather  would  influence  con¬ 
sumer  behavior.  Rand  says  those  forecasts 
weren’t  very  accurate.  Finally,  the  buyers 
would  bet  on  the  number  of  air  condition¬ 
ers  they  thought  they’d  sell.  To  make  sure 


they  didn’t  run  out  of  merchandise,  Rand 
says,  buyers  would  bring  in  products  earlier 
in  the  season,  even  if  the  season  was  going  to 
start  later  than  normal.  “If  you  know  the 
season  is  going  to  start  late  based  on  the 
forecast,  you  won’t  bring  in  as  much  inven¬ 
tory  as  you  normally  would  and  therefore 
you  won’t  have  the  carrying  costs  associated 
with  that,”  he  says. 

Though  the  technology  provides  valuable 
information  and  insight,  there’s  still  the 
human  factor:  Buyers  at  Sears  still  have  to 
make  the  final  decision  about  what  they’re 
going  to  buy  and  how  much.  So  even 
though  the  technology  is  accurate  in  its  fore¬ 
casts  three  days  out  of  every  four,  there’s  still 


margin  for  error.  “Have  we  used  it  as  well 
as  we  should?  Absolutely  not,”  says  Rand. 

Rand  says  the  difficulty  of  using  the  tool 
lies  in  the  sheer  complexity  of  trying  to  pre¬ 
dict  sales.  He  also  says  that  local  store  man¬ 
agers  accustomed  to  using  historical  sales 
data  to  make  their  buying  decisions  are 
reluctant  to  start  using  a  software  tool — 
especially  weather  forecasts — when  they  are 
already  familiar  with  the  difficulty  their  local 
meteorologist  has  predicting  weather  for  the 
next  five  days.  To  overcome  that  resistance, 
Rand  says,  he  tracked  its  accuracy  (74  per¬ 
cent  correct  during  2000)  and  shared  those 
results  with  the  merchants.  “When  you  see 
how  accurate  it  has  been,  people  say,  ‘This 
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When  Yahoo! 

wanted  to 

empower  busiNesses, 

they  chose  Novell. 

How  does  Yahoo!®  Enterprise  Solutions  make  portal  products  shine?  Yahoo!  puts  the  power  of  Novell®  eDirectory'"  in  its 
enterprise  portal  solution.  With  it,  your  customers,  employees,  partners  and  suppliers  can  securely  access  the  information 
they  need  from  any  Web-enabled  device.  And  your  intranets,  extranets  and  the  Internet  can  work  as  one  Net.  The  result? 
More  productive  employees  and  lasting  relationships  with  partners  and  customers.  All  while  leveraging  existing  IT 
resources  to  increase  your  ROI.  To  learn  more  about  how  Novell  can  empower  your  business,  visit  www.novell.com 

Novell 

the  power  to  chaNge 


©  Copyright  2001  Novell,  Inc.  All  rights  reserved.  Novell  is  a  registered  trademark  and  the  power  to  change  and  eDirectory  are  trademarks  of  Novell,  Inc.,  in  the  United  Stales  and  other  countries. 
Yahoo!  is  a  registered  trademark  of  Yahoo!,  Inc. 


Forecasting  Technology 


is  darn  good,’  and  then  they  start  using  it. 
That’s  what’s  happening,”  he  says.  Rand 
declined  to  share  ROI  figures  but  said  the 
technology  has  more  than  paid  for  itself. 

One  Size  Does  Not  Fit  All 

IT  USED  TO  BE  THAT  CINCINNATI-BASED  FED- 
erated  Department  Stores  figured  it  had  the 
formula  for  an  ideal  store.  The  model  said 
that  every  Macy’s  should  stock  the  same 


number,  say  six,  of  a  certain  style  of  men’s 
shirts  and  keep  those  levels  consistent 
throughout  the  year.  The  systems  in  place 
regularly  reordered  10  percent  of  staple 
items  such  as  socks,  underwear,  hosiery,  cos¬ 
metics,  men’s  dress  shirts  and  cookware. 

It  didn’t  work.  Sometimes,  consumers 
couldn’t  find  items  they  wanted  and 
Federated  lost  potential  sales.  Other  times, 
goods  sat  vigil  waiting  for  shoppers  who 
weren’t  interested,  and  Federated  wasted 
money  on  unproductive  product  displays. 

“Six  is  not  the  right  number  [of  shirts]  52 
weeks  a  year.  Our  business  has  peaks  and 
valleys,”  says  Gale  Weisenfeld,  vice  president 
of  retail  technology  at  Federated  Mer¬ 
chandising  Group.  Federated  needed  a 
system  that  reacted  to  those  seasonal 
changes  in  demand  and  that  could  handle  a 
larger  number  of  items  for  its  more  than 
450  stores,  which  include  Bloomingdale’s, 
Burdines,  Goldsmith’s,  Lazarus,  Macy’s, 
Rich’s  and  The  Bon  Marche. 

In  1995,  Federated  Department  Stores 
began  running  an  Inforem  replenishment 
system  from  IBM  that  is  now  owned  by  i2 
Technologies.  Today,  30  percent  of  Fed¬ 
erated’s  total  sales  are  generated  from  basic 
items  that  are  automatically  restocked  using 


Inforem.  “Because  automatic  replenishment 
improves  sales  and  inventory  turnover  of 
these  basic  items,  we  seek  to  have  as  many  as 
possible  on  the  Inforem  system,”  says  Larry 
Lewark,  president  and  CIO  of  Federated 
Systems  Group,  a  division  of  Federated  De¬ 
partment  Stores. 

Lewark  says  the  system  delivers  a  cumu¬ 
lative  benefit  as  Federated’s  employees  gain 
experience  with  it.  And  additional  product 


sales  history  makes  forecasts  more  accurate 
going  forward. 

Inforem  has  halved  the  amount  of  items 
that  are  out  of  stock  each  month,  from 
10  percent  to  5  percent.  In  other  words,  now 
95  percent  of  all  merchandise  managed 
through  the  Inforem  system  is  on  the  sales 
floor  each  month.  Having  less  out  of  stocks 
means  more  boxer  shorts  and  high-margin 
designer  moisturizers  are  being  sold. 

By  looking  at  demand  in  real-time, 
Federated  can  replenish  in  real-time  rather 
than  order  backup  to  a  certain  number,  says 
Lewark.  “If  your  second  order  can  be  for 
four  rather  than  12,  you  get  a  much  more 
efficient  use  of  that  inventory  dollar.  The 
investment  in  inventory  comes  down  the 
faster  you  can  turn  your  products.  Turn  is 
everything  to  us.  We  constantly  look  at  the 
turn  of  merchandise  and  what’s  the  optimal 
turn  we  can  get  in  our  inventory,”  he  says. 

Since  inventory  carrying  costs  account  for 
approximately  15  percent  of  the  cost  of 

cio.com _ 

Read  more  about  FORECASTING 
TECHNOLOGY  and  how  KB  Toys  is 
using  it.  Visit  www.cio.com/printlinks. 


goods  sold,  then  inventory  carrying  costs  for 
Federated  in  2000  are  around  $1.6  billion, 
according  to  C/O’ s  math.  So  if  those  costs 
can  be  reduced  by  more  efficiently  replen¬ 
ishing  merchandise  and  lowering  inventory, 
then  Federated  can  free  up  millions  in  cash, 
says  Andrew  Macey,  a  supply  chain  consult¬ 
ant  at  Sapient  in  Cambridge,  Mass. 

Inforem  further  helps  Federated  minimize 
its  inventories  by  sensing  and  reacting  to 
sudden  changes  in  the  demand  chain  and  by 
helping  the  company  allocate  its  inventories 
more  effectively.  When  women  began  regu¬ 
larly  wearing  pants  to  work,  the  system 
noticed  a  corresponding  decrease  in  hosiery 
sales  and  a  corresponding  increase  in  sales  of 
trouser  socks.  Inforem  allowed  the  company 
to  order  more  socks  than  panty  hose  from 
manufacturers  to  keep  up  with  demand. 

And  that  ideal  store  model  is  gone. 
Federated  can  be  sensitive  to  individual  store 
profiles  and  react  to  whether  manufacturers 
such  as  Jockey  can  immediately  ship  panties 
to  Macy’s  East’s  100  stores.  Further,  when 
it  finds  out  that  a  manufacturer  is  in  short 
supply  of  underwear,  Federated  can  select 
which  stores  to  ship  those  coveted  panties 
and  shorts  to  based  on  data  in  Inforem 
telling  merchants  where  the  garments  will 
sell  the  best.  “We  have  each  size  of  Jockey 
underwear  in  400  stores  across  our  com¬ 
pany.  The  system  is  far  better  able  to  tell  us 
which  stores  are  selling  which  size  and 
where  to  put  that  inventory  than  a  buyer 
ever  could  manually,”  says  Laurie  Wilson, 
Federated’s  senior  vice  president  of  planning. 

Though  business  was  less  than  stellar  last 
year  (same-store  Christmas  sales  dipped 
8.6  percent,  and  2001  operating  income 
dropped  to  $1.1  billion,  about  one-third 
lower  than  2000),  Lewark  says  Inforem 
helps  Federated  mitigate  the  effect  of  a  reces¬ 
sion  on  its  business.  “Without  these  systems, 
we  would  have  more  exposure  to  having  the 
wrong  inventory  [in  an  economic  down¬ 
turn],”  he  says.  They’d  be  buried  in  socks 
up  to  their  underwear!  QE1 


Senior  Writer  Meridith  Levinson  ( mlevinson@cio 
.com)  covers  B2C  e-commerce  and  retail  for  CIO. 


ederated’s  stores  halved  the 
number  of  out-of-stock  items. 
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This  is  the  Qwest  Virtual  Private  Network.  People  obsessed  with  privacy. 
Firewalls  and  security  standards  built  into  the  Qwest  OC-192  network,  one 
of  the  most  advanced  broadband  networks  in  the  world.  Keeping  your 
information  for  your  eyes  only.  This  is  securely  reconfiguring  your  network 
in  the  blink  of  an  eye.  This  is  you  sleeping  through  the  night  without  the 
cold  sweats.  This  is  realizing  private  isn’t  private  enough  anymore.  This  is 
one  reason  more  than  half  of  the  Fortune  50(f  ride  the  light. 
qwest.com  1-800-RIDE-QWEST  1-800-743-3793  ext  1318 


Voice  Solutions 


Data  Solutions 


Internet  Solutions 

I— Virtual  Private  Network 


Managed  Solutions 


ride  the  light 

west 


Qwest  provides  Network  VPN  connectivity  in  the  United  States  and  select  countries  around  the  world.  In  the  states  of  AZ,  CO,  IA,  ID,  MN,  MT,  ND,  NE,  NM,  OR,  SD,  UT,  WA  and  WY,  Qwest  provides  Internet  services  in  conjunction  with  a  separate  Global 
Service  Provider  (GSP)  that  provides  customers  connectivity  to  the  global  Internet.  Minimum  one-year  term  of  commitment.  Local  loop  service,  additional  customer  equipment,  and  installation  additional.  ©2002  Qwest  Communications  International  Inc. 
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CUSTOMER  FOCUS 

►  KNOWLEDGE  MANAGEMENT 

PROJECT  MANAGEMENT 
VALUE  PROPOSITION 


COMPANY  INFO 

REVENUE 

NA 

ANNUAL  BUDGET 

$18.8  billion  in  2001 

HEADQUARTERS 

The  Navy  Yard,  Washington,  D.C. 

EMPLOYEES 

45,000 

MISSION 

Engineers,  builds  and  supports 
ships  and  combat  systems  for 
the  U.S.  Navy 

URL 

www.navsea.navy.mil 


KM  PROBLEM 

Capture  and  share  employees’ 
knowledge  and  experience  about 
the  Navy’s  acquisition  life  cycle 
processes 


THE  PLAYER 

TOM  EDEN 

Director,  acquisition  logistics 
division 


THE  EXPERT 

JERRY  ASH 

Founder  and  chief  executive,  The 
Association  of  Knowledgework 

URL 

www.kwork.org 


The  Naval  Sea  Systems  Command 


Building 
a  Better 

Battleship 

The  Naval  Sea  Systems  Command  finds  the  best  approach 
to  knowledge  management  is  one  step  at  a  time 
BY  STEPHANIE  OVERBY 


THINK  YOU’VE  GOT  procurement  problems?  Try 
buying  battleships.  The  Naval  Sea  Systems 
Command  (NAVSEA),  which  engineers,  builds 
and  supports  the  entire  U.S.  Navy  fleet,  manages 
more  than  130  acquisition  programs  worth 
about  $20  billion  a  year  for  everything  from 
solid  waste  shredders  to  next-generation  nuclear 
aircraft  carriers.  Yet  NAVSEA  historically  had 
no  established  rules  for  running  those  hundreds 
of  programs.  And  during  the  years  it  takes  to 
build,  say,  a  ship  or  a  submarine,  NAVSEA 
invariably  lost  many  of  its  employees  to  retire¬ 
ment  or  new  tours  of  duty.  Out  went  the  expe¬ 
rience  those  employees  gained  about  the  acqui¬ 
sition  process  and  in  came  increased  time  and 
costs  to  re-create  that  knowledge. 

In  1999,  NAVSEA  began  to  look  for  a  solu¬ 
tion  to  its  problems  and  found  an  answer  in  the 
form  of  a  knowledge  management  database  of 
acquisition  best  practices.  But  getting  the  data¬ 
base  was  only  one  challenge  for  NAVSEA,  head¬ 


quartered  in  Washington,  D.C.  NAVSEA  had 
to  get  its  45,000  team  members  working  around 
the  country  to  participate  in  the  new  KM  sys¬ 
tem.  Given  that  the  Navy’s  culture  emphasizes 
internal  competition  rather  than  cooperation, 
instilling  the  need  to  share  information  was  a 
tough  roadblock. 

But  NAVSEA  did  eventually  win  over  many 
of  its  workers  with  the  benefits  of  the  acquisition 
knowledge  database.  And  in  the  process,  NAV¬ 
SEA  developed  its  own  best  practices  for  knowl¬ 
edge  management  implementation:  Take  it  slow 
and  show  people  why  it  pays  to  share. 

Shape  Up  or  Ship  Out 

The  origins  of  the  acquisition  knowledge  data¬ 
base  go  back  to  the  Clinton  administration. 
Tom  Eden,  then-director  of  NAVSEA’s  Acquisi¬ 
tion  Reform  Office,  and  others  in  the  armed 
forces  were  charged  by  the  former  president  to 
improve  the  way  they  bought  things.  Acquisi- 
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tion  at  NAVSEA  is  a  protracted  process — 
building  a  ship  or  a  high-tech  warfare  system 
takes  several  years.  And  once  a  ship  or  sys¬ 
tem  is  delivered,  the  cost  to  operate  it  is 
roughly  80  percent  determined.  So  in  an 
effort  to  cut  costs  and  reduce  the  number  of 
sailors  required  to  operate  a  ship  or  system, 
the  Navy  wanted  to  focus  on  the  way  its 
products  were  made  much  earlier  in  the 
process.  “We  wanted  to  make  sure  we  were 


getting  what  we  wanted  along  the  way, 
rather  than  waiting  until  we  get  the  prod¬ 
uct  years  later,”  Eden  says. 

Eden  oversaw  the  acquisition  reform 
process  that  aimed  to  reduce  the  money  and 
time  spent  to  get  a  product  to  the  fleet.  As 
part  of  that  effort,  Eden  sought  to  introduce 
a  set  of  best  practices  for  NAVSEA  acquisi¬ 
tions.  In  the  past,  if  one  of  NAVSEA’s  buy¬ 
ers  in  Rhode  Island  wanted  to  learn  about 


“What  KM  had  wrought 
was  a  vastly  improved, 
easier  way  of  getting 
the  business  done. 

It  was  a  great  morale 
booster  and  the  single 
greatest  factor  in 
marketing  KM  to 
employees.” 

-TOM  EDEN,  DIRECTOR  OF  NAVSEA'S 
ACQUISITION  LOGISTICS  DIVISION 


the  purchasing  process,  Eden  would  fly  in 
an  expert  to  conduct  a  workshop  in  person. 
Wouldn’t  it  be  better,  Eden  thought,  to 
instead  provide  continuous  access  to  expert 
knowledge? 

At  the  same  time,  NAVSEA’s  leadership 
was  concerned  about  the  maturing  work¬ 
force.  The  average  age  of  department 
employees  was  late  40s,  which  in  Navy 
terms  is  near  retirement.  There  was  concern 
about  all  that  knowledge  walking  out  the 
door,  even  in  the  civilian  ranks,  according 
to  Eden.  “We  needed  to  make  sure  that  the 
knowledge  that  supported  the  NAVSEA 
structure  was  preserved,”  he  says. 

Not  Another  Data  Dump 

Previously,  knowledge  management  at 
NAVSEA  and  elsewhere  in  the  Navy  con¬ 
sisted  of  throwing  together  websites,  an 
approach  Eden  knew  didn’t  work.  “They 
were  a  place  to  dump  data,  but  they  didn’t 
preserve  any  knowledge,”  he  says. 

So  Eden  and  his  team  began  to  work  with 
consultants  at  AMS,  a  Fairfax,  Va.,  consul¬ 
tancy,  to  figure  out  a  better  KM  battle  plan. 
First  they  defined  the  processes  within 
NAVSEA  that  needed  to  be  captured  in  a 
virtual  knowledge  management  environ- 
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EXPERT  ANALYSIS 

THE  QUID  PRO  QUO  OF  KM 

BY  JERRY  ASH 

IT  IS  FORTUITOUS  that  the  Naval  Sea  Systems  Command 
(NAVSEA)  gravitated  toward  knowledge  management 
while  developing  its  best  practices  database  because  the 
freeze  on  funds  now  need  not  stall  the  initiative.  On  the 
contrary,  it  may  well  allow  time  to  shift  the  emphasis  from 
database  construction  to  creation  of  a  knowledge-sharing 
environment  that  will  effectively  use  it.  The  key  to  a  suc¬ 
cessful  database  is  data  use. 

It  appears  that  NAVSEA  recognized  human,  Navy  and 
bureaucratic  culture  problems  only  after  it  decided  at  the 
top  what  it  would  do;  and  then  it  met  with  small  groups  to 
figure  out  how  to  do  it.  That's  a  classic  KM  mistake.  Resis¬ 
tance  should  have  been  gauged  and  dealt  with  long  before 
the  executives  set  sail. 

That's  because  knowledge  work  is  a  grassroots  activity, 
even  in  the  Navy.  A  database  can  capture  20  percent  of 
what  employees  know.  Any  directive  to  “do  it  the  KM  or 

Navy  way”  will  result  in  only  a  fraction  of  that.  It’s  not  so  much  what’s  in  the  desk 
drawerthat’s  at  issue;  it’s  what’s  in  the  mind.  Hence,  in  orderfor  KM  to  be  truly 
effective,  employee  buy-in  has  to  be  considered  from  the  start. 

While  a  goal  of  the  program  is  to  retain  knowledge  as  a  hedge  against  turnover, 
the  stakeholders  need  to  be  convinced  that  they  are  not  giving  it  away.  Rather,  they 
are  offering  their  knowledge  in  return  for  a  share  of  others’  knowledge.  The  combi¬ 
nation  will  make  them  more  informed  and  better  candidates  for  commendation 
and  promotion.  To  get  employees  on  board,  NAVSEA  should  assure  them  that  use 
of  the  database  will  lead  to  career  development. 

Like  many  organizations,  NAVSEA  seems  to  believe  that  employee  turnover  is  all 
detrimental.  In  a  true  knowledge-sharing  environment,  the  constant  turnover  in 
employees  can  be  a  gain  as  well  as  a  loss.  New  employees  will  bring  new  knowl¬ 
edge  and  innovative  ideas  to  the  teams.  Old  knowledge  will  blend  with  the  new  (in 
minds  as  well  as  computers)  before  people  move  on.  Organizational  knowledge 
then  becomes  dynamic  and  ongoing. 

Seen  in  this  way,  the  project  is  not  incomplete.  It  has  breathing  room  to  grow. 


Jerry  Ash  is  founder 
and  chief  executive  of 
The  Association  of 
Knowledgework 
( www.kwork.org ),  a 
Web-based  group 
composed  of  people 
from  90  countries 
who  are  engaged  in 
knowledge  work. 

He  can  be  reached  at 
jash@kwork.org. 


ment.  “We  sat  people  down  and  said,  ‘We’re 
going  to  look  at  where  information  comes 
from  and  start  mapping  how  it  flows  at  a 
gross  level  so  we  can  get  an  idea  of  how  the 
entire  acquisition  process  works,’”  says 
Eden.  He  met  with  individual  practitioners 
in  NAVSEA  to  come  up  with  a  list  of  16  best 
practices  they  wanted  to  safeguard,  includ¬ 
ing  the  total  ownership  cost  process  (the 
means  of  determining  the  life  cycle  costs  of 
a  ship  and  methods  for  reducing  those 
costs),  the  commercial  acquisition  process 
(defining  the  policies  and  procedures  for 
buying  off-the-shelf  items)  and  the  acquisi¬ 
tion  reform  process  itself. 

The  list  complete,  Eden  then  met  once  a 
week  with  six  or  seven  employees  involved 
with  a  particular  business  process  and 
potential  best  practice  in  order  to  figure  out 
how  to  translate  that  process  for  inclusion 
in  the  acquisition  knowledge  database.  He 
and  his  team  began  with  the  best  practices 
that  NAVSEA  management  determined 
would  have  the  greatest  potential  to  improve 
the  acquisition  process.  The  first  to  go  live 
in  the  knowledge  database  was  Eden’s  own 
community  of  practice,  acquisition  reform. 

The  process  to  identify  the  best  practices, 
prioritize  them  and  take  them  online  lasted 
from  December  1999  until  April  2001.  The 
ultimate  goal  of  the  KM  effort  was  to 
develop  a  library  of  best  practices  based  on 
NAVSEA’s  acquisition  life  cycles — from  set¬ 
ting  standards,  creating  RFPs  and  awarding 
contracts  to  product  delivery,  deployment 
and  decommissioning — that  promoted  an 
integrated  approach  to  capturing,  organiz¬ 
ing,  sharing  and  using  acquisition  knowl¬ 
edge  throughout  the  organization. 

Getting  Their  Sea  Legs 

Throughout  the  KM  implementation  pro¬ 
cess,  Eden  met  with  a  lot  of  resistance.  It  was 
particularly  difficult  to  get  NAVSEA 
employees  to  change  their  view  of  knowl¬ 
edge  from  that  of  a  personal  asset  to  an 
organizational  one.  “When  we  started  ask¬ 
ing  for  the  numbers  and  assumptions  asso¬ 
ciated  with  a  particular  process,  people 
would  say,  ‘That’s  confidential,”’  Eden  says. 


“Because  of  the  culture  of  the  Navy  and  the 
culture  of  bureaucracy,  people  were  reluc¬ 
tant  to  take  something  out  of  their  desk 
drawer  and  put  it  where  other  people  could 
access  it.”  After  all,  NAVSEA  and  the  Navy’s 
other  commands  were  set  up  with  creative 
tension  in  mind.  If  the  executive  program 
office  for  aircraft  carriers  seeks  money  for 
the  new  USS  Ronald  Reagan ,  it’s  in  compe¬ 


tition  with  the  executive  program  office  for 
submarines  looking  to  requisition  a  new  Sea 
Wolf.  As  a  result,  both  sailors  and  civilians 
working  at  NAVSEA  associated  privately 
held  knowledge  with  influence.  “It’s  not  any 
different  than  many  corporate  environments 
where  closely  held  knowledge  is  associated 
with  personal  power,”  says  Ray  Bjorkland, 
vice  president  of  consulting  services  for 
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Rick  and  Steve  both  evaluated 
enterprise  software. 


Rick  spent  a  few  months... 


Steve  spent  a  few  weeks... 


searching  Web  sites,  calling  suppliers 
for  materials,  requesting  information 
via  email  and  fax  and  compiling  this  data 
in  spreadsheets  for  further  study. 


logged  on  to  the  free  Web  site 
www.  EnterpriseSoftwareHQ.  com, 

learning  about  each  solution,  making 
instant  side-by-side  comparisons 
and  preparing  an  automated  RFP. 


What  was  Rick  thinking? 

Introducing  EnterpriseSoftwareHQ.  The  headquarters  for  evaluating  enterprise  software  and  services. 


www.EnterpriseSoftwareHQ.com 


An  information  service  provided  by  Thomas  Publishing  Company.  ©  2002  Thomas  Publishing  Company 


Enterprise  Software  I  HQ 


Case  Files  |  Knowledge  Management 

Federal  Sources  in  McLean,  Va.  “People 
think  that  knowledge  is  power,  and  if  they 
share  it,  nobody  will  value  them.” 

So  Eden  had  to  figure  out  a  way  to  cre¬ 
ate  a  reward  system  for  sharing  knowledge. 
“We’re  very  limited  when  it  comes  to  doing 
that,”  he  says.  “The  only  big  benefit  we  can 
offer  is  greater  efficiency.  We  can  make  your 
work  easier  for  you.”  Although  that’s  often 
the  only  benefit  that  ultimately  matters,  it’s 
tricky  to  convey.  “When  you’re  trying  to 
introduce  a  knowledge  management  system, 
it’s  not  just  a  matter  of  how  you  get  people 
into  the  mode  of  sharing  information,”  says 


“What  KM  had  wrought  was  a  vastly 
improved,  easier  way  of  getting  the  business 
done.  It  was  a  great  morale  booster  and  the 
single  greatest  factor  in  marketing  KM  to 
employees,”  says  Eden.  “Highly  paid  NAV- 
SEA  analysts  were  able  to  do  what  they  were 
paid  to  do  and  wanted  to  do — analyze  and 
think — versus  doing  secretarial  work,  run¬ 
ning  from  one  meeting  to  the  next,  trying 
to  make  sense  of  run-on  conversations  and 
constantly  answering  the  same  questions 
over  the  phone.” 

For  those  still  reluctant  to  climb  aboard, 
Eden  took  a  more  hard-line  approach. 


“Some  people  were  closef  isted  about  their 
knowledge.  But  in  the  end,  they  had  to  give  it  up.” 

-TOM  EDEN,  DIRECTOR  OF  NAVSEA’S  ACQUISITION  LOGISTICS  DIVISION 


Bjorkland.  “It’s  how  you  demonstrate  to 
them  that  sharing  information  will  make 
their  life  better.  You  have  to  show  people 
who  are  holding  information  that  if  they 
begin  to  share  it,  it  will  relieve  them  so  that 
they  can  do  even  grander  things.” 

In  order  to  exhibit  those  benefits  right 
away,  NAVSEA  went  about  its  KM  program 
one  best  practice  at  a  time.  “Our  main 
objective  was  to  give  immediate  value  to 
what  our  team  members  were  doing  right 
then — immediate  value  to  the  business 
process,”  Eden  says.  “So  we  had  to  say, 
‘We’re  going  to  take  this  one  part  of  what 
you  do  and  show  you  value  very  quickly.’” 
For  example,  members  of  one  group  work¬ 
ing  on  total  ownership  costs  concluded  that 
an  important  monthly  report  was  a  good 
candidate  for  improvement.  “They  used  the 
electronic  environment  we  had  prepared  to 
request  inputs  for  the  report,  comment  on 
the  data  through  discussion  threads,  and  edit 
and  issue  the  report.  In  the  process,  all  that 
history  was  systematically  stored  so  the  next 
time  the  report  would  be  even  easier  to  cre¬ 
ate.”  Before,  the  report  was  created  labori¬ 
ously  via  e-mails  and  in-person  meetings, 
and  it  involved  stacks  of  paper  and  mail. 


“Some  people  were  still  very  closefisted  and 
guarded  about  their  knowledge.  But  in  the 
end,  they  had  to  give  it  up  because  there  was 
going  to  be  no  other  way  of  doing  business 
with  everyone  else,”  Eden  recalls.  “We  had 
to  say,  ‘This  is  the  way  we’re  doing  things 
now,  and  if  you  want  to  accomplish  what 
you  have  to  do,  you’re  going  to  have  to  give 
that  piece  of  information  up.’” 

Winning  Battles,  not  the  War 

So  far,  NAVSEA  has  been  able  to  imple¬ 
ment  about  seven  of  16  best  practices  in 
the  acquisition  knowledge  database.  NAV¬ 
SEA  leadership  gave  Eden  and  his  team 
money  in  phases,  based  on  how  the  proj¬ 
ect  was  progressing.  But  last  spring,  when 
then-CIO  Jill  Garcia  made  the  case  for 
more  money  to  complete  and  expand  the 
project  to  the  executive  steering  committee 
and  NAVSEA’s  commander,  Vice  Admiral 
G.P.  Nanos,  she  met  with  resistance. 
NAVSEA  had  spent  about  $65,000  on  each 
best  practice  that  went  into  the  database. 
After  spending  nearly  half  a  million  dol¬ 
lars,  executives  began  to  squawk.  It’s  an 
issue  that  plagues  KM  efforts  at  any  organ¬ 
ization  that  doesn’t  have  a  bottom  line.  “It’s 


hard  to  justify  and  quantify  IT  investments 
in  a  top-line  organization  like  the  Navy 
where  funds  are  appropriated  by  Con¬ 
gress,”  says  Bjorkland.  “And  in  the  mili¬ 
tary,  you  can’t  necessarily  see  benefits  for 
months,  years,  even  decades.” 

Although  NAVSEA  continues  to  work  on 
getting  the  remaining  nine  best  practices  into 
the  acquisition  knowledge  database,  the 
executive  committee  has  frozen  any  further 
expansion  for  now.  “It’s  too  bad  because  it’s 
a  great  way  to  do  business,”  says  Eden,  who 
has  moved  on  to  become  director  of  NAV¬ 
SEA’s  acquisition  logistics  division.  Although 
Eden  says  the  benefits  were  clear  in  terms  of 
time  saved,  e-mail  reductions  and  meetings 
avoided,  they  were  never  quantified.  “We 
were  at  a  point  that  the  savings  were  evi¬ 
dent  to  the  community  members  and  to 
leadership,  and  that  seemed  to  suffice,”  he 
says.  “In  hindsight,  perhaps  we  should  have 
methodically  captured  the  savings  in  the 
interest  of  gaining  a  firmer  commitment  to 
doing  the  things  at  the  corporate  level  to 
grow  KM.” 

But  Bjorkland  thinks  the  knowledge  man¬ 
agement  movement  at  NAVSEA  and  else¬ 
where  in  the  armed  forces  will  continue  to 
advance,  if  only  little  by  little.  “Even  if  you 
start  with  baby  steps,  unless  you  can  figure 
out  a  way  to  leverage  it  at  the  highest  levels 
of  the  organization,  it  will  be  a  slow 
process,”  says  Bjorkland. 

Even  though  the  acquisitions  knowledge 
database  hasn’t  progressed  as  hoped,  Eden  is 
certain  that  it  represents  the  future  for 
NAVSEA.  “It’s  the  path  our  business  must 
take,  and  I  think  there’s  a  tacit  acknowl¬ 
edgement  of  that  by  top  management,”  says 
Eden.  “I  believe  it  will  be  given  renewed 
emphasis  eventually,  maybe  by  a  new  gen¬ 
eration  who  knows  that  a  virtual  environ¬ 
ment  is  just  as  real  as  a  plane  trip  to  see  the 
customer  or  a  packet  of  papers  you  can  hold 
in  your  hand.” 


Share  your  IT  war  stories  with  Senior  Writer 
Stephanie  Overby  at  soverby@cio.com.  Send  your 
KM  story  to  Senior  Editor  Megan  Santosus  at 
santosus@cio.com. 
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A  CRITICAL  NETWORK  CONNECTION  IS  DOWN.., 

BUSINESS  GRINDS  TO  A  HALT... 

DON'T  KNOW  WHERE  TO  LOOK? 


Introducing  the  PanView ™  Real-Time  Physical  Layer  Management 
Solution  from  PANDUIT®,  helping  businesses  minimize  network 
down  time  by  monitoring  the  physical  layer  in  real  time.  Based  on  the 
field-proven  PatchView™  Technology  from  RiT  Inc.,  the  PanView  System 
continuously  scans  patch  cord  connections  in  the  telecommunication 
room.  The  location  of  all  connections  is  stored  in  a  centralized  database, 
providing  network  administrators  with  the  accurate  information  needed  to 
quickly  and  efficiently  reroute  users  during  a  network  failure,  or  to 
reconnect  users  as  part  of  a  disaster  recovery  effort. 

Network  administrators  are  instantly  notified  of  any  patch  cord  change 
by  means  of  alert  messages.  This  insures  that  IT  personnel  can  respond 
before  the  inevitable  trouble  call  comes  in. 

The  system  also  supports  planned  maintenance  of  patch  cords. 

Through  the  use  of  innovative  LEDs  located  above  each  patch  panel 
port,  technicians  are  guided  through  all  patch  cord  changes  in  an 
easy  step-by-step  process. 

Contact  your  local  P4/V0L//7"  Representative  to  learn  more  about  the 
benefits  of  the  PanView  System  and  how  quickly  the  system  can  be 
working  ior  you.  Better  yet,  schedule  a  demonstration  of  the  PanView ™ 
System  —  the  future  of  physical  layer  management. 

Be  Future  Ready  with  PANDUIT 


PANDUIT  is  the  Leading  Global  Provider  of 
Network  Connectivity  Solutions 

Innovative  Technology  for  Your  Copper 
and  Fiber  Infrastructure 

a  Connectors 
■  Zone  Cabling  Systems 

a  Outlets 

a  Network  Rack  Systems 
a  Physical  Layer  Management  Systems 

a  Raceway  Systems 
a  Fiber  Routing  Systems 
a  Network  Grounding  Systems 
a  Network  Cable  Ties  and  Accessories 
B  Network  Identification  Systems 

To  receive  a  copy  of  our  PanView  System  Brochure, 
please  call  800-777-3300  or  e-mail  us 
at  ncginfo@panduit.com. 

For  technical  assistance,  call  866-405-6654. 
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Universally  Connected 

Thousands  of  “dumb  devices ”  are  coming  to  a  network  near  you 

BY  FRED  HAPGOOD 


Edited  by  Christopher 
Lindquist.  Send  your 
thoughts  and  ideas 
for  future  columns  to 
clindquist@cio.com. 


THE  GOOD  NEWS  for  CIOs  is  that  there  is  no 
mystery  about  the  next  big  step  in  IT.  However 
much  fog  there  might  be  around  biotechnology 
or  robotics  or  nanotechnology,  virtually  no  one 
would  disagree  that  during  the  next  few  years 


hordes  of  so-called  dumb  devices  are  going  to 
find  their  way  onto  corporate  networks.  In  the 
short-  to  mid-term,  this  influx  may  very  well 
overwhelm  the  resources  of  the  average  IT 
office.  And  in  the  long-term,  for  better  or 


Worldwide  roaming... PC  phone  charger.. .Hack  attacks. ..Scheduling  time 
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Emerging  Technology 


worse,  the  situation  could  change  IT 
beyond  all  recognition. 

There  are  two  classes  of  dumb  devices: 
sensors  (such  as  cameras,  microphones, 
counters,  meters,  scanners,  scales  and  po¬ 
sition  sensors),  which  measure  physical 
changes;  and  actuators  (motors,  lights, 
switches,  valves,  manipulators,  displays, 


loudspeakers,  printers  and  locks),  which 
impose  such  changes. 

The  primary  benefit  of  connected 
devices  is  that  they  can  communicate  or 
connect  with  just  the  right  person  at  just 
the  right  moment.  Instead  of  mainte¬ 
nance  technicians  visiting  each  machine 
on  a  set  schedule  or  checking  every  ma¬ 
chine  during  a  down  period,  networked 
sensors  could  send  specific  maintenance 
requests  (“Water  line  three  has  a  leak,” 
for  example)  to  the  best  technician  for 
that  particular  job,  ensuring  that  every 
visit  has  a  payoff. 

New  Feature; 

Less  Money 

When  David  Graham,  director  of  IT 
operations  at  Vignette,  a  content  man¬ 
agement  services  provider  in  Austin, 
Texas,  installed  network-monitoring 
devices  (from  NetBotz)  that  were  them¬ 
selves  networked,  he  was  able  to  patch 
facilities  management  right  into  the  heat 
sensors.  “It  took  a  bit  of  the  pressure 
off  us,”  he  says,  noting  that  facilities 
management  could  now  monitor  the 
sensors  directly.  Previously,  someone  in 
IT  needed  to  make  a  phone  call  when¬ 
ever  anything  started  going  wrong. 

Recently,  the  University  of  Louisville 


in  Kentucky  networked  its  printers 
(using  digital  printers  from  Xerox), 
allowing  users  to  drive  print  jobs  to  the 
most  efficient  and  convenient  printer  for 
each  job.  According  to  Ronald  L. 
Moore,  vice  president  of  IT  at  the  uni¬ 
versity,  the  returns  were  immediate  (at 
least  $500,000  a  year).  “The  more 


people  on  a  network,  the  greater  the 
synergy,”  he  remarks.  “Standalone 
devices  are  inherently  less  efficient — 
they  are  usually  idle  95  percent  of  the 
time....  Standalone  devices  will  always 
be  necessary,  but  they  should  be  the 
exception,  not  the  rule.”  His  experience 
is  not  unique.  Harbor  Research,  a 
Boston-based  strategic  consultancy, 
reports  that  device  networking  initia¬ 
tives  typically  pay  for  themselves  within 
two  years  or  less. 

Device  networking  also  leads  to  more 
flexible  services,  because  networked 
devices  usually  offer  more  powerful  fea¬ 
tures  and  interfaces  than  standalone 
models  do.  Don  McGill,  director  of 
voice  engineering  for  CNET  Networks, 
the  San  Francisco-based  technology 
news  company,  recently  moved  com¬ 
pany  headquarter’s  phones  onto  the 
internal  corporate  network  in  order  to 
add  new  features,  such  as  call  history 
management,  which  lets  users  quickly 
look  up  and  recall  previously  connected 
numbers.  However,  he  cautions  that  it 
can  be  frustratingly  difficult  to  get  peo¬ 
ple  to  understand  that  they  really  do 
need  training  to  get  the  most  out  of  net¬ 
worked  devices.  “If  you  announce  a 
class  in  Java  programming,  people  under¬ 


stand  they  need  it,”  he  says.  “A  class  in 
using  the  phone  tends  to  get  skipped.” 
(Louisville’s  Moore  makes  the  same 
observation  about  training  for  net¬ 
worked  printers.) 

User  Input 

Until  now,  most  devices  have  been  moni¬ 
tored  or  controlled  by  a  single  type  of 
user;  for  instance,  security  personnel 
watched  security  cameras.  Connecting 
devices  to  an  enterprise  network  could 
give  every  constituency  in  the  enterprise 
access,  letting  IT  departments  build  a  host 
of  new  applications  around  the  same 
peripherals.  In  the  case  of  security  cameras 
on  a  retail  floor,  for  example,  marketing 
might  use  the  feed  to  see  which  product 
displays  attract  traffic,  and  personnel 
could  watch  video  to  select  candidates  for 
extra  training. 

Those  tempting  attractions  explain 
why  research  companies  such  as  Harbor 
predict  that  by  2010  more  than  40  per¬ 
cent  of  all  potentially  networkable  elec¬ 
tronic  or  electromechanical  devices  will 
be  connected.  Cambridge,  Mass. -based 
Forrester  Research  reaches  similar  con¬ 
clusions,  predicting  sales  of  14  billion 
network-enabling  chips  by  that  year.  In 
short,  in  a  few  years  networks  will  start 
to  be  primarily  about  communication 
among  devices,  not  among  people. 

This  change  implies  a  radical  transfor¬ 
mation  in  how  we  will  configure  and 
manage  our  networks.  Bill  Peisel,  CTO 
of  NetSilicon,  a  device  connectivity  ven¬ 
dor  in  Waltham,  Mass.,  suspects  many 
of  those  networked  devices  will  be  com¬ 
municating  directly  among  themselves, 
making  peer-to-peer  a  more  common 
communications  model  than  client/server. 
And  security  will  be  more  about  good 
authentication  than  good  encryption. 
“It’s  not  that  important  to  encrypt  the 
room  temperature,”  Peisel  says.  “It  is 
important  to  deny  access  to  the  13-year- 
old  who  thinks  it  would  be  really  amus¬ 
ing  to  turn  off  the  heat  in  the  middle  of 
the  winter.”  Device-oriented  networks 


The  primary  benefit  of  wired 
devices  is  that  they  communicate 
or  connect  with  just  the  right 
person  at  just  the  right  moment. 
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"Tallan  is  different  from  other 

TECHNOLOGY  FIRMS.  THEY  GET  THE 

job  done.  Period.” 


Tallan 

Raise  Your  IT  IQ 


Most  of  our  client  comments  are  equally  flattering.  Why?  We  become  deeply  involved  in  clients’ 
businesses  -  delivering  software  development,  enterprise  infrastructure,  creative  design  and 
strategic  technology  direction.  Our  highly  skilled  project  teams  are  often  considered  to  be  valued 
members  of  clients’  IT  organizations.  Plus,  we  work  smarter  by  staying  on  top  of  the  best 
new  solutions  for  e-business/e-commerce,  data  warehousing,  supply  chain,  and  enterprise 
application  development.  The  result:  unmatched  client  satisfaction.  And  some  really  nice  quotes. 

Call  us  to  discuss  your  next  project  at  1-877-9TALLAN 
Or  visit  www.tallan.com 
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will  probably  need  to  be  more  robustly 
provisioned,  and  require  redundancy  and 
higher  levels  of  automated  maintenance 
built  in  at  every  level. 

“We  can  lose  a  patient  in  seven  sec¬ 
onds,”  says  Reza  Sharafi,  a  product  sup¬ 
port  engineer  at  Welch  Allyn,  a  medical 
diagnostic,  lighting  and  data-collection 
manufacturer  in  Skaneateles  Falls,  N.Y. 
“If  the  network  goes  down,  we  lose 
everything.  We  don’t  want  to  hear  that 
we  can  ‘just  reboot.”’ 

Device-oriented  networks  may  well 
make  it  more  difficult  for  companies  to 
determine  who  will  pay  for  what  devices 
and  network  services  as  well.  If  security 
is  perfectly  happy  with  the  old  cameras, 
for  instance,  who  pays  for  the  new  net¬ 
worked  models?  Suppose  security  needs 
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Will  CIOs  have  to  learn  more  about  field 
operations  or  will  field  managers  have  to 
learn  more  about  networking? 

Device  networks  also  seem  to  increase 
the  pressure  for  upgrades.  When  every¬ 
one  can  access  all  the  printers  in  an 
enterprise,  users  who  were  once  happy 
with  the  machine  in  their  office  start  to 
send  work  to  the  most  advanced  model 
available.  When  five  different  depart¬ 
ments  suddenly  find  their  hands  on  a 
device,  like  a  security  camera,  originally 
designed  for  just  one  user  type  the  natu¬ 
ral  next  step  is  to  tell  IT  which  new  mod¬ 
els  are  ideal  for  each  user. 

Management  Makeover 

It  also  seems  unlikely  that  the  manage¬ 
ment  structures  that  worked  when  the 


“We  are  now  at  the  point  where  we  can 
network  individual  gears  and  bearings.” 

-Joe  Carpenter,  president  and  CEO,  Swantech 


to  store  the  video  feed  for  only  24  hours, 
but  marketing  and  HR  want  to  preserve  it 
for  months?  Who  gets  billed  for  storage? 
Who  will  be  responsible  for  supporting 
the  software  that  will  implement  what¬ 
ever  bookkeeping  formulas  emerge  from 
all  these  complex  usage  patterns?  How 
will  priorities  be  set  in  a  time  when  doz¬ 
ens  of  devices  are  waiting  to  be  con¬ 
nected?  When  heating,  ventilation  and 
air-conditioning  (HVAC),  for  instance, 
becomes  a  network  device,  IT  issues  such 
as  network  security  and  provisioning  will 
affect  the  heat,  and  facilities  issues — such 
as  maintenance — will  have  an  impact  on 
the  network.  How  will  that  be  resolved? 

cio.com _ 

Read  Chris  Lindquist’s  TECH  TACT: 

NEW  TOOLS  FOR  NEW  JOBS, 

every  Monday  at  www.cio.com. 


ratio  of  connected  entities  on  an  enter¬ 
prise  backbone  to  users  was  two  or  three 
to  one  will  be  as  useful  when  that  ratio 
is  10  or  even  a  hundred  times  higher. 
“We  are  now  at  the  point  where  we  can 
network  individual  gears  and  bearings,” 
observes  Joe  Carpenter,  president  and 
CEO  of  Swantech,  a  Fort  Lauderdale, 
Fla.,  company  that  makes  networked 
diagnostic  equipment  for  industrial 
machinery. 

As  the  number  of  devices  on  the  net¬ 
work  increases,  some  observers  suspect 
that  field  operations  may  start  to  take 
over  the  management  of  network  issues 
specific  to  their  jobs.  Chantal  Polsonetti 
of  the  ARC  Advisory  Group,  an  auto¬ 
mation  consultancy  based  in  Dedham, 
Mass.,  points  out  that  field  and  network 
people  have  different  operating  cultures. 
CIOs  often  come  from  a  store-and- 
forward  world  in  which  fractions  of  a 
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Cool 
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USB  Phone  Power 

DELAYED  at  the  airport  again? 

Ah  well,  might  as  well  make  a  few 
calls— except  that  your  cell  phone 
battery  has  flat-lined.  Too  bad  you 
don’t  have  a  way  of  tapping  the 
juice  in  your  fully  charged  laptop. 
But  wait,  you  do. 

Power  product  manufacturer 
American  Power  Conversion  has 
introduced  a  line  of  power  cords 
that  let  you  charge  a  variety  of 
Ericsson,  Motorola  and  Nokia 
phones  from  your  laptop’s  USB 
port.  (Customers  outside  the 
United  States  can  also  get  cables 
for  Alcatel,  NEC,  Panasonic  and 
Siemens  phones.)  The  1.5-meter 
cable  lets  you  charge  the  phone 
while  you  make  calls  or  continue 
to  use  the  laptop— APC  claims 
that  the  power  drain  from  the  lap¬ 
top’s  battery  is  minimal.  You  can 
also  use  the  cords  to  provide 
long-term  talk  time  far  beyond 
the  capabilities  of  your  phone’s 
standard  battery. 

The  cables  are  available  now 
for  a  suggested  retail  price  of 
$19.95.  For  more  information  or 
to  order,  visit  www.apc.com. 

-C.L. 
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Gateway’s  Certification  Training. 

It’s  like  cross-training  for  your  IT  staff. 


With  Gateway  Certification  Training, 
your  IT  staff  will  be  prepared 
for  industry-standard  certifications. 

Conveniently  taught  online,  our 
in-depth  learning  programs  get  IT 
professionals  up  to  speed  on  the  latest 
technology  without  them  even  leaving 
their  desks.  It’s  a  great  way  to  maximize 
time  and  reduce  travel  costs  while  your  IT  staff  learns. 

And  with  our  many  levels  of  IT  training,  your  staff  will 
gain  valuable  information  on  a  broad  range  of  technology. 


From  training  courses  for  CompTIA® 
A+  certification  to  courses  on 
MCSE  certification,  our  preparatory 
programs  will  make  your  staff  more 
valuable  and  productive.  Gateway 
also  understands  that  education  is  an 
ongoing  process.  So  no  matter  at  what 
level  your  IT  professionals  are,  Gateway  is  sure 
to  offer  classes  that  will  challenge  them  and  progress 
their  skills  even  further.  When  it  comes  time  to  get  your  IT 
staff  certified,  there  is  no  better  training  partner  than  Gateway. 


Gateway  IT  Online  Learning  Library  Series 

Level  One:  IT  Network  Technician  Online  Learning  -  For  potenial  IT  professionals  preparing  for 
vendor-neutral  certification,  including  CompTIA  A+,  Server-1-  and  Network +.  $299  per  user  per  year2 

Level  Two:  IT  Network  Administrator  Online  Learning  -  For  IT  professionals  preparing  for  IS/IT 
administrative  certification,  including  CNA,  MCP,  CCNA  and  CCNP.  $799  per  user  per  year2 

Level  Three:  IT  Network  Engineer  Online  Learning  -  For  IT  professionals  preparing  for  IS/IT 
industry  certification,  including  MCSE  and  CNE.  $999  per  user  per  year2 


Call  for  additional  information  on  Gateway  learning  products. 


877-311-1445 

Come  into  your  local 
Gateway*  store. 

gateway.com 

1 

^Gateway 

AOL  Keyword:  Gateway 
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second  don’t  matter  that  much,  whereas 
in  the  world  of  physical  devices — where 
functions  can  have  safety  implications — 
even  small  delays  can  have  large  conse¬ 
quences.  While  the  technology  could 
wait  for  backbone  upgrades,  Swantech’s 
Carpenter  argues  that  this  delay  is  not 
necessary,  since  adding  local  resources 
can  make  devices  smart  enough  to  tackle 
many  network  issues  on  their  own.  Com¬ 
putation  lets  them  model  and  then  adapt 
intelligently  to  network  behavior;  local 
storage  lets  them  take  on  responsibility 
for  issues  such  as  reliability  (when  the 
network  goes  down,  device  storage 
kicks  in). 

Another  simple  name  for  the  transfor¬ 
mation  of  dumb  devices  into  smart  de¬ 
vices  is  automation.  As  more  devices  get 
smarter,  their  ability  to  repair  themselves 
will  only  increase,  and  the  number  of 
times  when  a  network  breakdown  will 
require  human  intervention  should  drop. 
When  that  intervention  becomes  neces¬ 
sary,  however,  it  will  likely  require  the 
technician  to  have  more  skills  and  train¬ 
ing  to  solve  the  problem. 

In  theory  that  seems  like  an  ideal  en¬ 
vironment  for  the  elaboration  of  a  glob¬ 
ally  outsourced  support  model,  having 
hundreds  of  thousands  of  superexperts — 
each  deeply  educated  in  a  few  specialized 
support  issues — monitoring  the  device 
networks  of  clients  around  the  world  and 
dealing  with  crises  as  they  erupt.  In  other 
words,  the  migration  to  device  network¬ 
ing  might  shrink  the  number  of  routine 
IT  support  issues  (through  smarter 
devices  and  more  local  management) 
while  outsourcing  the  remaining,  tougher 
problems. 

It  would  seem  like  a  gloomy  prospect 
for  conventional  IT  workers,  except  for 
one  consideration:  The  superexperts  are 
going  to  have  to  come  from  some¬ 
where — and  IT  may  prove  an  excellent 
training  ground.  ■ 


Fred  Hapgood  is  a  freelance  writer  based  in  Boston. 
He  can  be  reached  at  hapgood@pobox.com. 


UNDER  DEVELOPMENT 

Global  mobile  phone 

Phone  Away  from  Home 

A  MOBILE  PHONE  that  could  be  used  anywhere  in  the  world— regardless  of  the  protocol 
requirements  of  local  carriers— would  be  just  the  ticket  for  international  travelers.  That’s 
what  Bell  Labs  is  aiming  for  with  its  new  Common  Operations  (COPS)  software  architecture. 

COPs  is  designed  to  provide  global  roaming  access  across  all  existing  major  network 
types  as  well  as  emerging  third-generation  technologies.  The  software  can  even  work  with 
802.11  wireless  data  networks.  “The  architecture  could  be  extended  to  include  all  mobile 
network  types,”  says  Jack  Kozik,  director  of  enhanced  services  architecture  for  the  mobility 
solutions  group  at  Murray  Hill,  N.J. -based  Lucent  Technologies,  Bell  Labs’  parent  company. 

COPS  is  a  “protocol  gateway"  that  translates  data  based  on  various  types  of  wireless 
standards  into  a  single,  common  format.  The  technology  provides  an  interface  that  draws 
information  from  home  location  registers  (HLRs),  the  subscriber  databases  maintained  by 
each  carrier.  When  installed  on  a  carrier’s  servers,  COPS  automatically  generates  subscriber 
authentication,  authorization  and  location  data  from  normally  incompatible  networks.  It  also 
works  in  reverse,  sending  relevant  subscriber  information  back  to  the  home  carrier. 

COPS  acts  like  a  multilingual  translator.  “The  software  takes  data  that  might  be  ordinar¬ 
ily  incomprehensible  to  a  network  and  places  it  into  a  usable  form,”  says  Kozik.  “It  will  allow 
users  to  take  their  phone  and  their  services  along  with  them  wherever  they  may  roam.”  On 
the  subscriber  end,  all  that’s  required  is  a  dual-mode  CDMA/GSM  phone. 

A  pending  crop  of  3G  wireless  services,  including  instant  messaging,  streaming  media 
and  global  positioning,  promises  to  make  the  task  of  handling  roaming  subscribers  much 
more  complicated  and  expensive.  COPS  aspires  to  cut  carriers’  costs  by  streamlining  the 
interchange  of  subscriber  data.  “COPS  will  require  fewer  boxes  and  fewer  interconnections," 
says  Kozik.  The  technology  also  aims  to  help  carriers  support  multiple  network  types,  or  to 
migrate  from  one  network  protocol  to  another,  without  adding  or  converting  HLRs. 

Lucent  expects  to  begin  offering  products  integrating  COPS  architecture  to  its  equip¬ 
ment  customers  late  this  year.  -John  Edwards 
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They  could  have  chosen  anywhere  in  the 
world  for  their  new  World  Headquarters. 

They  chose  Southeast  Michigan's  Technology 
Cluster,  Automation  Alley. 


Covisint  is  the  newly  formed,  high-tech  company  that's 
revolutionizing  how  automotive  clients  bid  out,  purchase 
and  receive  materials  from  suppliers  to  get  products  to 
market  faster. 


Why  Michigan?  Because  of  our  infrastructure, 
talent  pool,  cost  of  living,  quality  of  life  and  business 
climate.  "There  is  a  tremendous  amount  of  high-tech  talent 
in  Michigan.  Innovation  started  here,  from  the  'radical1 
concept  of  the  assembly  line  in  1913,  to  collaborative 
computer-aided  design,  engineering  and  manufacturing. 
The  perception  of  smokestacks 

is  way  off,"  said  Kevin  English,  Covisint  chairman,  president 
and  chief  executive  officer. 


MICHIGAN 


Because  their  clients  are  global  and  they're  internet  driven, 
Covisint  could  have  located  anywhere.  They  looked  at  some 
of  the  logical  locations  you  expect  to  find  high-tech 
companies  and  a  high-tech  workforce.  They  looked  in 
Silicon  Valley,  Atlanta  and  several  other  locations  closely. 
They  chose  Michigan. 


EC  O  N  O  M  I  C 
DEVELOPMENT 
CORPORATION 


Call  1.800.946.6829  or  visit  www.michigan.org  for  information 
about  how  Michigan  can  work  for  you.  Covisint  did. 
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COMPANIES  TO  WATCH 

Talaris 


Making  Time 


Talaris  looks  to  ease  scheduling 

BY  SARAH  D.  SCALET 

TALARIS  doesn’t  want  to  be  just  the  next 
best  thing  to  a  personal  assistant;  it  aims 
to  be  better  than  a  personal  assistant. 
That’s  because  employees  themselves  are 
always  wanting  things — time-dependent 
services  such  as  conference  rooms,  flights 
and  restaurant  reservations,  which  might 
be  arranged  by  an  automated  calendar 
inside  the  corporate  firewall,  a  site  on  the 
public  Internet  or  a  hostess  who  answers 
the  telephone  at  a  small  restaurant.  “If 
this  were  nirvana,  and  corporate  budgets 
were  unlimited,  any  person  who  spends 
time  away  from  the  office  would  wind 
up  with  two  or  three  administrative 
assistants  who  work  around  the  clock,” 
says  Roman  Bukary,  Talaris’s  senior 
director  of  product  marketing  and  strat¬ 
egy.  But  these  days  are  hardly  nirvanic. 

That’s  where  Talaris  steps  in.  Named 
after  Talaria,  the  winged  sandals  of  mes¬ 
senger  god  Hermes,  Talaris’s  goal  is  to 


automate  the  process  of  arranging  those 
services.  The  company  got  its  start  when 
founder,  chairman  and  CEO  Patrick  W. 
Grady  was  working  at  Portivity,  a  sales- 
force  automation  company.  When  he 
asked  salespeople  how  to  improve  sales, 
what  he  heard  were  not  suggestions 
about  improving  the  product.  Instead, 
salespeople  wanted  help  with  the  secre¬ 
tarial  tasks  that  occupied  as  much  as  a 
quarter  of  their  time. 

Grady  and  cofounder  George  Gould, 
now  vice  president  of  quality  of  service  at 
Talaris,  started  to  dream  up  a  solution,  and 
in  June  1999  they  founded  the  company. 
Privately  held,  Talaris  has  gone  through 
three  rounds  of  venture  capital  funding 
and  hopes  to  break  even  “a  few  quarters 
out,”  Bukary  says. 

The  trick  to  making  Talaris  work,  of 
course,  is  in  the  execution.  Using  simple 
object  access  protocol  (SOAP)  and  other 


tching... 

Talaris  Corp. 

Headquarters  San  Francisco 
Founded  1999 
Employees  75 

Products  Talaris  automates  how 
corporate  customers  arrange  time- 
dependent  services,  such  as  conference 
rooms  and  flight  reservations. 

Reason  to  watch  Talaris  could  make 
Web  services  a  part  of  the  daily  routine. 

Hurdles  to  clear  Vendors  may  be 
wary  of  giving  up  a  piece  of  their  rela¬ 
tionship  with  the  customer. 

Web  link  www.talaris.com 


Technology  | - 

integration  methods,  the  software  must 
link  suppliers  and  customers  who  may  well 
have  a  vast  gulf  of  technology  between 
them.  “We  set  out  to  build  a  technology 
that  would  allow  the  supplier  to  transact 
with  Talaris  without  major  IT  expenses 
and  that  would  allow  the  user  to  have  an 
application  that  is  seamless,”  Bukary  says. 
“The  user  doesn’t  know  how  I  talk  to  the 
supplier.  I  will  deal  with  you  as  a  user  or 
you  as  a  supplier  at  the  highest  level  of 
sophistication  you  are  capable  of  today.” 
That  can  mean  just  a  telephone,  he  says, 
and  there’s  human  fallback  if  the  auto¬ 
mated  system  can’t  schedule  the  service. 

So  far,  Talaris  has  about  120,000 
service  suppliers  as  well  as  a  partnership 
with  Sabre’s  GetThere,  but  it  has  very 
few  installed  users.  Sun  Microsystems, 
another  partner,  is  rolling  out  the  ser¬ 
vice  to  its  first  300  users  and  hopes  to 
save  money  on  administrative  overhead. 
“Success  greatly  depends  on  getting  peo¬ 
ple’s  attitude  changed  about  how  they 
should  go  about  procuring  services,” 
says  Shahram  Moradpour,  senior  direc¬ 
tor  of  market  development  at  Sun.  “But 
we’re  starting  to  get  e-mails  from  peo¬ 
ple  asking  when  are  we  going  to  get  this 
thing  rolled  out?  People  want  to  use  it.” 

Perhaps  that’s  because,  as  Aberdeen’s 
Dana  Gardner  sees  it,  Talaris  has  found 
a  practical  way  of  making  Web  services 
relevant.  “People  need  a  way  of  translat¬ 
ing  Web  services  into  their  daily  routines. 
Talaris  has  created  an  engine  to  allow 
people  to  be  reached  through  the  devices 
of  their  choice,  and  that’s  pretty  cool,” 
says  Gardner,  research  director  of  mes¬ 
saging  and  collaboration  services. 

The  flip  side  is  that  some  application 
vendors  may  be  leery  about  losing  the  pri¬ 
mary  relationship  with  the  user.  “What  we 
have  here  is  a  balancing  act,  in  that  Talaris 
can  act  as  a  catalyst  but  is  going  to  extract 
a  toll — a  piece  of  the  relationship  with  the 
customer,”  he  says.  “And  that’s  kind  of 
an  interesting  business  model.  It’s  blazing 
a  trail  for  how  a  Web  services  economy 
might  operate.”  ■ 
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THE  NEXT  THREAT  IS  JUST  AROUND 
THE  CORNER  -  HOW  DEEP  WILL  IT 
RITE  INTO  YOUR  BUSINESS? 


It's  a  jungle  out  there,  and  enterprise  security 
is  a  necessity  for  survival.  But  no  amount  of 
security  can  prepare  you  for  the  unknown 
threats  that  lurk  in  the  dark.  Hackers,  viruses, 
worms -they're  always  a  step  ahead,  and 
getting  more  sophisticated  by  the  day. 

How  will  you  respond? 

Arm  yourself  with  netForensics™  -  the 
real-time  security  software  breakthrough  that 
separates  the  cats  from  the  mice.  The  risk  of 
attack  is  increasing  exponentially.  You  already 
have  numerous  VPN  and  firewall  solutions  to 
protect  your  business-critical  data  -  but  you 
need  more.  You  need  a  tool  that  will  pull 
together  and  organize  security  data,  allowing 
you  to  make  quick  decisions  and  take  rapid 
action.  The  key  is  your  ability  to  respond  - 
and  to  do  this  effectively,  you  need  the  next 
evolution  of  security  information  management. 
With  the  power  of  Real-Time  Forensics’”,  you 
can  see  threats  as  they  happen,  analyze  their 
severity,  and  respond  before  the  infection 
spreads.  Designed  to  work  seamlessly  on  a 
variety  of  platforms,  netforensics  provides 
concise  reporting  and  custom  features  that 
will  help  your  respond  to  any  threat,  and  keep 
downtime  at  bay. 

Why  risk  your  neck?  Trust  netForensics  to 
deliver  the  power  of  real-time  insight  and 
real-time  action  to  your  business.  Visit  our 
website  today  at  www.netforensics.com  and 
learn  more  about  our  award-winning  security 
solutions.  Don't  let  security  threats  devour 
your  business  -  we'll  help  you  neutralize 
the  unknown. 


0  netForensics 

Real-Time  Insight.  Real-Time  Action.1" 


netForensics.com 
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PUNDITS 

Jim  Jones 


The  Internet  Is  a  Zoo 

Sharing  information  is  the  key  to  keeping  ahead  of  cyberattackers 


IMAGINE  this  scenario:  A  talented  pro¬ 
grammer  has  a  cool  idea.  The  program¬ 
mer  codes  a  prototype  in  a  few  days,  the 
prototype  is  reviewed  and  improved  by  a 
collection  of  the  best  programming  talent 
on  the  globe,  and  a  robust  final  product 
is  released  less  than  a  week  after  the  birth 
of  the  idea.  Further,  the  product  undergoes 
a  continuous  revision,  improvement  and 
release  cycle,  always  including  the  latest 
and  greatest  techniques  from  a  tireless 
worldwide  team  of  talented  programmers. 
Dreamland?  Hardly — this  scenario  is 
taken  from  real  life.  But  before  you  dust 
off  that  killer  app  proposal,  call  the  ven¬ 
ture  capitalists  and  order  the  Mercedes, 
professional  ethics  obligate  me  to  tell  you 
that  I’m  talking  about  the  world  of 
Internet  worms. 

The  recent  history  of  worm  attacks 
provides  a  diversity  that  Darwin  himself 
would  have  appreciated:  TIOn  attacked 
Unix  systems  with  a  single  exploit.  Ra- 
men  attacked  Unix  systems  with  multiple 
exploits.  Sadmind/IIS  was  multiplatform. 
Cheese  was  a  “good”  worm.  Code  Red 
exploited  Internet  information  server  vul¬ 
nerabilities  and  was  actively  modified  and 
rereleased.  Nimda  expanded  Code  Red’s 
exploits,  infected  clients  as  well  as  servers 
and  modified  the  scanning  algorithm. 
Leaves  attacked  already  compromised 
systems  and  could  be  updated  and  con¬ 
trolled  remotely.  And  a  slew  of  worms 
used  e-mail  to  propagate. 

As  if  a  quick  and  creative  worm-writing 
community  wasn’t  threatening  enough, 
two  factors  make  me  believe  the  storm  has 
yet  to  hit.  First,  clever  ideas  are  circulating 
in  public  forums  and  have  not  yet  been  suc¬ 
cessfully  implemented  in  a  widespread 
worm.  Here  are  a  few  examples. 


Reacting  quickly 
to  new  threats 
requires  a  robust 
information¬ 
sharing  and 
analysis  network. 


■  Abuse  of  trust  relationships,  like  instant 
messaging  systems  and  peer-to-peer  file 
sharing  applications;  why  break  a  window 
when  your  victim  invites  you  in? 

■  Scalable  remote  control  of  compromised 
systems;  Internet  relay  chat  (IRC)  is  the 
de  facto  control  mechanism  (bad  guys  can 
use  the  chat  channels  to  issue  system  com¬ 
mands),  but  it  has  its  limitations. 

■  Lightweight  worms  that  download  up¬ 
dated  or  specialized  code  from  other 


servers;  Leaves  tried  this  in  a  limited  sense, 
but  the  possibilities  are  much  broader. 

■  Incorporation  of  “zero-day”  exploits;  if 
someone  burns  a  zero-day  (an  attack  as  yet 
unknown  by  the  public)  on  a  worm,  expect 
it  to  do  more  than  spread  and  deface  with  a 
harmless  pseudopolitical  message. 

■  Stealth  spreading  and  infection;  current 
worms  are  as  subtle  as  your  e-commerce 
Web  server  crashing,  but  new  worms  will 
tiptoe  in  and  hide  in  the  shadows. 

■  Polymorphism  (code  that  changes  every 
time  it  propagates);  existing  worms  are 
easy  to  recognize,  but  polymorphic  worms 
are  well-disguised. 

Second,  the  less  creative  (and  usually 
less  skilled)  writers  continue  to  package 
existing  tools  and  techniques  to  create 
new  worms.  The  combination  of  a  lower 
skill  requirement  and  larger  target  popu¬ 
lation  means  more  worms  that  affect 
more  systems. 

We  cannot  eradicate  Internet  worms  any 
more  than  we  can  eradicate  biological 
viruses,  but  we  will  survive  with  a  similarly 
mixed  strategy  of  preventive  and  reactive 
defenses.  In  biology,  we  inoculate  against 
known  pathogens,  react  quickly  when  a 
new  threat  is  identified  and  treat  the  patient 
once  infected.  On  the  Internet,  inocula¬ 
tion  equates  to  applying  patches  promptly, 
implementing  sound  perimeter  security 
defenses  and  keeping  virus  definitions  up- 
to-date.  Reacting  quickly  to  new  threats 
requires  a  robust  information-sharing  and 
analysis  network.  Such  a  framework  is 
emerging,  and  I  encourage  you  to  tap 
into  one  or  more  of  the  available  sources 
(wivw.itisac.com,  www.nipc.gov,  ivww 
.sans.org  and  wwiv.cert.org ,  for  example). 
Finally,  treating  the  infection  requires  a 
prearranged  response  capability,  access  to 
actionable  intelligence  about  the  threat  (see 
the  information-sharing  sites,  above)  and 
an  accurate  picture  of  your  operational 
environment  and  defensive  options.  HE] 


Jim  Jones  directs  the  analysis  group  of  Predictive 
Systems  Global  Integrity  Unit,  where  he  and  his 
team  forecast  emerging  techniques  and  attacks. 
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Intranet  know-how 
from  those  who 
know  how. 

Get  a  first  hand  look  as  Microsoft  reveals  a  new  answer  to  Intranet 


challenges— SharePoint  Portal  Server  and  the  Microsoft  Solution  for 
Intranets— an  internal  portal  solution.  See,  first  hand,  how  these 
solutions  can  empower  your  knowledge  workplace  within  your  Intranet! 
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A  Cold  Look  at  Hot  Trends 

Too  Close 
for  Comfort 

CRM  may  be  a  marketer’s  dream,  but  companies 
should  still  pay  heed  to  privacy  and  ethical  concerns 

BY  ALAIN  JOURDIER 

WHEN  MY  WIFE  SAW  an  ad  for  a  new,  less  intrusive  blood-sugar  tester 
to  help  manage  her  diabetes  (available  free  via  a  coupon  at 
our  local  pharmacy),  she  snapped  it  up.  She’ll  do  anything  to 
make  a  distasteful  part  of  her  life  easier.  What  she  also  received 
in  the  bargain  was  an  onslaught  of  very  targeted  direct  mail 
and  Internet  solicitations  from  the  manufacturer  of  the  test  as 
well  as  from  several  pharmaceutical  companies. 

As  a  marketer,  I  like  the  fact  that  I  can  get  closer  to  my  cus¬ 
tomers  through  CRM.  And  I’m  well  aware  that  people  are 
willing  to  share  even  the  most  intimate  details  about  them¬ 
selves  if  they  think  they’re  getting  something  of  value.  CRM 
allows  a  business  to  have  a  dialogue  with  its  customers,  thus 


creating  an  opportunity  to  solve  problems  expediently,  identify 
needs,  and  increase  customer  satisfaction  and  revenue.  It’s  the 
company’s  eyes  and  ears  to  the  marketplace. 

Yet  as  a  consumer,  I’m  wary  that  every  nuance  in  my  fam¬ 
ily’s  private  life  is  simply  more  marketing  information  in 
search  of  a  perfect  pitch.  Old-fashioned  notions  of  privacy,  of 
course,  have  already  gone  out  the  window.  The  availability  of 
information  now  in  the  public  domain  is  staggering:  From 
toll-free  numbers  to  warranty  registration  cards  to  depart- 
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ment  of  motor  vehicles  records  to  catalogs  and  club  mem¬ 
berships,  information  about  most  everyone  is  on  a  database 
in  some  form  or  another.  The  vast  majority  of  solicitations 
from  these  sources  are  merely  intrusive  and  not  unethical. 

Gray  Ethics 

CRM  raises  some  disturbing  ethical  issues  that  fit  into  a  grayer, 
more  unregulated  arena.  These  are  issues  that  we  as  a  society 
must  grapple  with,  more  so  in  some  industries  than  others. 

For  instance,  the  pharmaceutical  companies  have  done  a  stellar 
job  of  exploiting  CRM.  Before  1994,  they  spent  less  than 
$50  million  a  year  in  direct-to-consumer  marketing,  but  in  2000 
they  spent  nearly  $2.5  billion.  Above  and  beyond  blanketing  the 
broadcast  and  print  media  with  advertising,  pharmaceutical  com¬ 


panies  are  using  CRM  to  hone  their  marketing  messages  to  spe¬ 
cific  doctors  and  patients.  Studies  have  shown  that  when  patients 
go  to  a  doctor  and  request  a  drug  seen  in  an  ad  or  a  direct  mail 
solicitation,  almost  half  the  time  they  will  walk  out  with  a  pre¬ 
scription  for  that  drug.  A  November  2001  study  by  The  Henry 
J.  Kaiser  Family  Foundation,  a  health-care  research  organization 
based  in  Menlo  Park,  Calif.,  found  that  of  those  people  who 
talked  to  their  doctor  about  a  medicine  they  saw  advertised, 
44  percent  said  that  the  doctor  gave  them  the  prescription  medi¬ 
cine  they  had  asked  about.  Some  observers  say  such  direct  mar¬ 
keting  to  consumers  is  unethical  because  it 
usurps  the  prescription  drug  system  and 
physician-patient  relationship  by  directly 
targeting  people  when  they  are  at  their  most 
vulnerable.  It  also  puts  tremendous  pressure 
on  physicians  to  prescribe  drugs  that  are 
usually  more  expensive  and  not  much  bet¬ 
ter  than  older,  generic  medications. 

Ironically,  most  of  the  health-care  indus¬ 
try  is  lagging  far  behind  in  using  CRM  to  manage  customers 
effectively  and  better  prepare  patients  to  be  wise  consumers  of 
its  services.  But  the  very  strategy  that  is  powering  pharmaceuti¬ 
cal  profits  could  greatly  enhance  the  physician-patient  relation¬ 
ship  as  well  as  build  customer  affinity  for  local  health-care 
providers.  For  instance,  numerous  studies  have  shown  that  people 
who  search  for  health-related  topics  online  are  consistently  less 
than  satisfied  because  they  would  rather  receive  this  information 
from  their  physician  and  local  hospital — institutions  they  already 
trust  and  can  access. 

Health  care  is  not  the  only  place  where  ethical  issues  with 
CRM  exist.  In  banking,  lenders  walk  a  fine  ethical  line  when 
they  target  sub-prime  loan  borrowers  who  pose  a  greater 


risk  because  of  previous  credit  problems  or  even  a  lack  of 
credit.  Those  loans  carry  higher  interest  rates  and  fees  and, 
in  many  documented  cases,  include  unfair  penalties  and  pro¬ 
visions.  There  have  been  instances  where  borrowers  who 
own  houses  with  equity  could  qualify  for  better  terms  yet 
were  steered  to  the  more  lucrative  sub-prime  market. 

A  Higher  Road 

If  we  as  a  nation  are  really  serious  about  curbing  health-care 
costs,  we  should  pressure  the  Food  and  Drug  Administration 
into  rescinding  its  regulation  that  permits  direct-to-consumer 
marketing  in  the  pharmaceutical  industry.  Medicare,  Medicaid 
and  health  plans  could  also  build  in  incentives  for  doctors  who 
resist  prescribing  a  new,  more  expensive  drug  when  an  older 

and  equally  effective 
generic  medication  is 
available.  Patient  edu¬ 
cation  is  the  key  here, 
and  many  health  plans  and  medical  groups  are  letting  their 
patients  know  the  true  cost  of  these  drugs  and  encouraging 
the  use  of  generics  when  possible. 

With  the  rapid  growth  of  technology  that  can  mine  even  the 
smallest  detail  about  a  customer,  IT  professionals,  marketers 
and  policy-makers  must  be  sensitive  to  these  ethical  issues.  When 
Seth  Godin  published  Permission  Marketing  in  1999,  he  estab¬ 
lished  the  basic  groundwork  for  ethical  CRM:  Ask  for  permis¬ 
sion  and  keep  the  relationship  honest  at  all  times.  A  relationship 
in  Godin’s  world  means  a  two-way  road  of  mutual  respect  and 
value,  not  a  one-way  ticket  to  exploitation.  Retention  of  cus¬ 
tomers  is  based  on  trust  developed  through  clear,  consistent,  non- 
intrusive  and  honest  dialogue  that  meets  expectations  all  around. 

But  permission  marketing  is  hard  work.  It  takes  longer  to 
acquire  customers  who  have  “raised  their  hand”  and  invited 
the  company  to  communicate  with  them.  But  in  the  end,  it’s 
worth  doing.  Not  following  this  philosophy  of  business  will 
only  invite  customer  ire  and  more  restrictive  legislation. 
Ultimately,  it  all  boils  down  to  IT  and  marketing  executives 
taking  the  high  road  by  being  the  voice  and  conscience  of  their 
company  and  making  sure  that  CRM  is  done  the  right  way. 

As  for  my  wife,  she’s  a  bargain  shopper,  and  the  privacy 
concerns  I  have  don’t  bother  her  nearly  as  much  as  they  do 
me.  So  long  as  she  gets  a  bargain  in  the  transaction,  it  seems  a 
fair  exchange.  Go  figure.  HEJ 


Do  you  think  companies  blur  ethical  boundaries  in 
their  use  of  CRM?  Let  Megan  Santosus,  senior 
editor  of  Opinion,  know  at  santosus@cio.com. 
Alain  Jourdier  teaches  health-care  marketing  at 
the  UCLA  School  of  Public  Health  MPH  for  Health 
Professionals  in  Los  Angeles. 


Permission  marketing  is  not  a  one-way  ticket  to  exploitation 
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To  read  more  on 
ethical  issues  sur¬ 
rounding  CRM,  visit 

the  CRM  RESEARCH 
CENTER  at 

www.cio.com/crm. 
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ERP  and  CRM 


Trying  to  take  the  guesswork  out  of  implementing  an  ERP  or 
CRM  application  may  seem  like  an  impossible  task.  Between 
evaluating,  negotiating,  budgeting,  selecting,  and  executing 
the  plan,  the  "unknowns"  can  seem  daunting,  and  the  process 
never-ending. 

TURN  TO  YOUR  PEERS  — who  have  walked  this  path  before 
you  — for  advice.  The  2002  ERP  and  CRM  Vendor  Scorecard 
from  Peerstone  Research  captures  the  challenges,  benefits, 
and  advice  from  the  true  experts— 163  Enterprise  Application 
users  — real  practitioners  whose  experience  will  help  you  make 
the  right  decision  for  your  enterprise. 

For  only  $795,  the  2002  ERP  and  CRM  Vendor  Scorecard  is 

delivered  right  to  your  desktop  giving  you  immediate  access  to 
the  information  you  need.  Looking  for  peer-based  ratings  for 
enterprise  software  Systems  Integrators?  See  our  companion 
report,  the  2002  Systems  Integrator  Scorecard.  Printed 
copies,  volume  pricing  and  site  licenses  available  — see  our  web 
site  for  more  information. 
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An  Apple  for 
the  Enterprise 

“IF  YOU  WANT  to  sell  more  computers  to  the  home  market,  sell  more 
computers  to  the  enterprise  market.”  That  was  how  a  Gartner 
research  analyst  answered  an  inquiry  from  a  representative 
of  a  tier-three  PC  company  in  October  1995.  Makes  sense, 
doesn’t  it?  If  I  stare  at  a  Dell  computer  on  my  desktop  all  day 
at  work,  Dell  will  most  likely  be  top  of  mind  when  I’m  in  the 
market  for  a  home  computer. 

I  was  thinking  of  that  Gartner  moment  when  I  visited  one 
of  those  hip  Apple  retail  stores  and  watched  two  IT  profes¬ 
sionals  go  ga-ga  over  the  new  iMac  personal  computer.  I  asked 
them  what  they  thought  of  the  machine. 

“All  things  being  equal,”  the  first  responded,  “I  would  rather 
have  an  iMac  on  my  desk  than  a  clunky  PC.”  Then  the  other 
IT  pro  chimed  in.  “But  all  things  are  not  equal.  We  are  a  Wintel 
shop  with  no  room  for  iMacs  in  our  organization.”  Just  before 
we  parted,  the  first  IT  pro  mentioned  something  about  moving 
servers  to  a  Linux  environment.  And  that  got  me  thinking:  That’s 
how  Apple  can  make  inroads  into  the  enterprise  market. 

Apple  should  make  a  special  iMac  model  for  enterprises  that 
runs  a  Linux  client  OS.  In  the  process,  Apple  would  increase  its 
share  of  the  home  market  as  well.  Efforts  to  make  an  advanced, 
easy-to-use  graphical  user  interface  for  Linux — most  notably 


those  made  by  former  Apple  software  evangelist  Andy  Hertzfeld 
and  Eazel’s  Guy  Tribble — were  ahead  of  their  time.  Eazel  and 
its  graphical  file  manager  product  called  Nautilus  failed  because 
of  market  conditions,  not  product  conditions.  The  enterprise  was 
not  ready  for  broad-based  Linux  in  1999  and  2000. 

But  thanks  in  part  to  the  long  IT  spending  drought,  Linux’s 
market  appeal  to  CIOs  and  the  enterprise  is  high. 

Some  say  it  would  be  fairly  simple  for  Apple  to  get  a  ver¬ 
sion  of  Linux  to  run  on  the  new  iMac.  The  challenge  remains 
in  the  graphical  user  interface  (and  all  the  back-office  stuff  like 
drivers,  plug-and-play  and  networking).  But  it  can  be  done. 

Steve  Jobs,  if  he  is  serious  about  making  Apple  into  a  feared 
technology  power,  should  round  up  the  old  Eazel  players,  pay 
them  hoards  of  money  and  announce  the  new  iMac  Linux 
machine  at  this  summer’s  MacWorld  Conference  &  Expo. 

I  wager  there  are  millions — if  not  tens  of  millions — of 
former  Mac  users  like  me  who  would  welcome  the  move.  And 
buy  more  Macs  for  the  office  and  home. 

What  about  you?  If  Apple  introduced  a  Linux  iMac  client, 
would  your  organization  consider  buying  it?  I  look  forward  to 
your  reply. 
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COVER  STORY  I  CRM  for  Less 

By  Susannah  Patton  156 

Ever  since  the  economy  dipped,  the 
majority  of  CIOs  making  CRM 
investments  are  doing  so  incremen¬ 
tally.  CIO  research  finds  that  64  percent 
have  learned  to  implement  CRM  projects  in 
baby  steps  rather  than  taking  one  giant  leap. 
For  example,  Airborne  Express  purchased  a 
sales-force  automation  tool  for  $3  million — 
half  the  cost  of  a  full  CRM  suite.  Other 
companies  are  foregoing  the  suite  in  favor  of 
integrating  existing  systems  with  best-of- 
breed  CRM  tools.  FedEx  Services  was  able 
to  integrate  its  sales-force  automation 
application  with  its  PeopleSoft  ERP  system, 
a  sales  compensation  application  from 
Trilogy  and  call  center  software  from  Clarify. 
A  third  way  to  acquire  CRM  systems  faster 
and  cheaper  is  the  rental  model.  Investment 
bank  Putnam  Lovell  Securities  chose  an 
application  service  provider  rather  than 
shelling  out  $2  million  to  buy  its  own 
software.  The  ASP  route  has  reduced  the 
bank’s  total  cost  of  ownership  by  57  percent. 


“The  big  CRM  suite 
can  be  a  disadvantage 
if  you’re  paying  for 
more  than  what 
you’re  going  to  use 
in  the  near  term.” 

-DAVID  BILLINGS,  CIO, 
AIRBORNE  EXPRESS 


Employee  Morale  By  Simone  Kaplan  I  92 

MORALE  IS  A  BUSINESS  ISSUE.  Low  morale  increases  turnover,  and  turnover  (when 
unplanned)  is  bad  for  managers,  the  department  and  the  bottom  line.  Low  morale  in  the  IT  staff  is 
the  CIO’s  responsibility  to  fix,  even  if  the  cause  is  external,  like  the  economy.  CIOs  with  experience 
at  troubled  companies  in  retail  and  airline  industries  say  identifying  a  morale  problem  is  the  first  step 
toward  fixing  it.  A  CIO  must  listen  for  clues  that  lie  in  what  employees  are  not  saying.  Look  for  a 
drop  in  energy  level.  Are  people  no  longer  contributing  to  discussions?  Are  they  talking  but  being 
pessimistic?  CIOs  can  bolster  morale  by  communicating  openly  and  honestly  through  the  bad  times. 
They  should  keep  training  programs  in  place  to  solidify  a  sense  of  commitment  to  and  investment  in 
the  staff.  When  morale  is  low,  CIOs  should  treat  employees  as  if  they’re  volunteers,  not  paid  workers. 


Cingular’s  IT  Consolidation  By  Derek  Slater  1 100 

WHEN  THE  CINGULAR  BRAND  WAS  LAUNCHED  in  2000,  the  company  had  60  call 

centers,  the  result  of  years  of  mergers  and  acquisitions.  With  customer  service  a  key  competitive 
differentiator,  Cingular  knew  it  had  to  consolidate  the  call  centers  and  its  1 1  major  customer  billing 
systems.  Two  years  later,  Cingular  runs  20  brand-new  multifunction  call  center  facilities  and  has 
reduced  its  billing  systems  to  just  two.  After  taking  inventory  of  its  existing  systems — 1,400  in  total — 
cross-functional  teams  led  by  IT  began  choosing  technology  standards  to  use  in  consolidation.  They 
developed  decision  matrices  to  weigh  factors  such  as  desired  functionality,  expected  system  life  spans, 
the  effect  of  growth  and  more.  Migrations  were  done  slowly.  For  example,  two  billing  systems  now 
run  concurrently,  but  the  company  will  settle  on  a  single  system  in  2003.  With  a  similarly  measured 
pace,  old  centers  were  kept  online  as  new  ones  came  up.  Call  loads  were  balanced  among  them  while 
systems  were  tested,  employees  trained  and  kinks  worked  out  in  the  new  facilities. 


Retail  Forecasting  By  Meridith  Levinson  I  116 

IN  THE  RETAIL  INDUSTRY,  good  demand  forecasting  must  account  for  all  the  complexities  of 
the  business — thousands  of  products,  hundreds  of  stores,  the  impact  of  promotions  and  supplier 
problems.  In  today’s  economy,  it’s  even  more  important  to  get  it  right  and  maximize  profit  when 
mistakes  lead  to  overstocks.  As  part  of  its  forecasting  toolkit,  Sears  uses  a  weather  forecasting  system, 
which  predicted  a  mild  December  in  the  Northeast.  So  Sears  bought  fewer  heavy  coats  and  shifted 
its  stock  mix  away  from  wool  toward  lighter  leather  coats.  That  worked,  but  no  matter  how  good 
the  forecasting  tool,  there  will  occasionally  be  leftover  items.  New  price  optimization  tools  can  help 
stores  find  the  highest  price  they  can  charge  and  still  move  the  excess  merchandise  in  a  given  period. 


Case  Study:  NAVSEA  Knowledge  Management  By  Stephanie  Overby  \  126 

BECAUSE  THE  REQUISITION  OF  A  U.S.  NAVY  SHIP  or  warfare  system  takes  several 
years,  the  organization  in  charge  of  that  process,  the  Naval  Sea  Systems  Command  (NAVSEA), 
developed  best  practices  to  reduce  the  money  and  time  spent  during  the  acquisition  life  cycle.  It’s  hard 
to  retain  those  best  practices,  however,  since  NAVSEA  invariably  loses  employees  to  retirement  or 
new  tours  of  duty  during  the  years  it  takes  to  build  a  naval  vessel.  A  knowledge  management 
database  was  the  answer.  But  Navy  culture  emphasizes  information  confidentiality  and  internal 
competition,  so  sharing  information  did  not  come  naturally  to  NAVSEA’s  45,000  employees. 

NAVSEA  succeeded  by  ensuring  an  immediate  reward  for  sharing  knowledge  in  each  best  practice 
area:  an  easier  way  to  get  tasks  done.  For  steadfast  resistors,  NAVSEA  made  it  impossible  for  them  to 
work  with  anyone  else  without  giving  up  their  own  piece  of  information. 
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"We  told  KPMG  Consulting: 
we  need  a  web-based 
enrollment  system  so  simple..." 
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A/IarAr  Hammersmith 

CIO  Institutional  Business,  MetLife 


“...that  our  MetLife  customers  can  more  easily  manage 
their  financial  future. 

"The  MetLife  mission  is  to  build  financial  freedom 
for  our  customers.  KPMG  Consulting  worked  with 
us  to  design  and  build  an  on-line  system  faster  than 
we  had  thought  possible.  The  new  system  gives 
our  customers  a  single  site  for  enrollment,  product 
information,  and  performance. 

"Our  customers  and  our  own  employees  are 
very  happy  with  their  'new  freedom.'  Customer 
satisfaction  scores  are  up,  and  so  are  employee 
productivity  and  our  operating  earnings." 


Paul  McDonnell 

Managing  Director,  Financial  Services,  KPMG  Consulting 


"We're  delighted  that  we  surprised  MetLife  with  how 
quickly  we  were  able  to  help  them  design  and  build  their 
new  on-line  system. 

"But  we're  even  happier  that  the  system  helped  them 
become  an  even  more  successful  company. 

"After  all,  that's  the  reason  we're  in  business." 


YOU  CAN  HEAR  THEIR  STORY  @  www.kpmgconsulting.com/results 
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LaWson  Software 


You  shouldn't  have  to  adapt  your  company  to  fit  some  imposing  enterprise  software  design.  At  Lawson,  we  create 
software  solutions  for  specific  industries.  Our  industry  experts  make  sure  of  it.  The  result  is  proven  software  that 
works  for  you.  With  deeper  functionality.  Fast,  seamless  implementation.  Rapid  return  on  investment.  Lower  total 
cost  of  ownership.  And  experienced  consulting  and  support  teams  to  meet  your  ongoing  needs.  Which  explains  why 
many  of  our  customers  are  industry  leaders.  Details  await  you  at  www.lawson.com/truck7  or  call  1  -  800-477-1357. 


